573d3d2a8d
# Conflicts: # src/Findings/StellaOps.Findings.Ledger.WebService/Services/VulnExplorerRepositories.cs # src/Findings/StellaOps.Findings.Ledger/migrations/010_vex_fix_audit_tables.sql
Findings
Container(s): stellaops-findings-ledger-web, stellaops-riskengine-web, stellaops-riskengine-worker, stellaops-api (VulnExplorer) Slot: 25 (ledger), 16 (riskengine), 13 (vulnexplorer) | Port: 8080 | Consumer Group: findings-ledger, riskengine, vulnexplorer Resource Tier: medium (ledger, riskengine), light (vulnexplorer, riskengine-worker)
Purpose
The Findings module provides an append-only event ledger for security findings, a risk scoring engine with pluggable providers (CVSS/KEV/EPSS/VEX/fix-exposure), and a vulnerability explorer API. The Ledger tracks finding lifecycle with Merkle-tree integrity, incident management, and scoring APIs. The RiskEngine computes risk scores via job queue. VulnExplorer provides the UI-facing query API.
API Surface
findings-ledger(via Router) — finding event ingestion, queries, export, incident management, EWS scoring, Merkle proofs, attachment managementriskengine(via Router) — risk score providers listing, job submission, simulation, exploit maturityvulnexplorer(via Router) — vulnerability search and investigation queries
Storage
PostgreSQL (ConnectionStrings:Default / ConnectionStrings:FindingsLedger); RiskEngine supports PostgreSQL or in-memory
Background Workers
riskengine-worker— background risk score computation (Workerhosted service)