stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
65106afe4cd0edc305b53162ee32ea89e787fe10
git.stella-ops.org/src/Scanner
History
master 6592cdcc9b refactor(graph): absorb Cartographer into graph-api + wire Graph Indexer 
- Wire Graph Indexer library + Persistence into graph-api (csproj refs + DI)
- Add build/overlay endpoints matching Scheduler HTTP contracts
  (POST/GET /api/graphs/builds, POST/GET /api/graphs/overlays)
- Add PostgresGraphRepository for reading from graph.graph_nodes/edges
- Register SBOM ingest, analytics, change-stream, and inspector pipelines
- Comment out Cartographer container in compose (empty shell, Slot 21)
- Add cartographer.stella-ops.local as backwards-compat alias on graph-api
- Update Scheduler config to target graph.stella-ops.local
- Update services-matrix.env, hosts file, port-registry, module-matrix
- Update component-map, architecture docs, Scanner/Graph READMEs
- Eliminates 1 container (stellaops-cartographer)

All 133 existing tests pass (77 Api + 37 Indexer + 19 Core).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 15:48:18 +03:00
..
__Benchmarks
stabilize tests
2026-02-01 21:37:40 +02:00
__Libraries
Tag all Valkey/Redis connections with service-specific ClientName
2026-04-06 08:51:27 +03:00
__Tests
Complete release compatibility and host inventory sprints
2026-03-31 23:53:45 +03:00
docs
save checkpoint
2026-02-11 01:32:14 +02:00
samples/api/reports
save progress
2026-01-02 15:52:55 +02:00
StellaOps.Scanner.Analyzers.Lang.Deno
stabilize tests
2026-02-01 21:37:40 +02:00
StellaOps.Scanner.Analyzers.Lang.Php
stabilize tests
2026-02-01 21:37:40 +02:00
StellaOps.Scanner.Analyzers.Lang.Ruby
stabilize tests
2026-02-01 21:37:40 +02:00
StellaOps.Scanner.Analyzers.Native
stabilize tests
2026-02-01 21:37:40 +02:00
StellaOps.Scanner.Analyzers.Plugin.Unified
stabilize tests
2026-02-01 21:37:40 +02:00
StellaOps.Scanner.Cartographer
consolidation of some of the modules, localization fixes, product advisories work, qa work
2026-03-05 03:54:22 +02:00
StellaOps.Scanner.Sbomer.BuildXPlugin
stela ops usage fixes roles propagation and timoeut, one account to support multi tenants, migrations consolidation, search to support documentation, doctor and open api vector db search
2026-02-22 19:27:54 +02:00
StellaOps.Scanner.WebService
Tag all Valkey/Redis connections with service-specific ClientName
2026-04-06 08:51:27 +03:00
StellaOps.Scanner.Worker
Repair live canonical migrations and scanner cache bootstrap
2026-03-09 21:56:41 +02:00
AGENTS_SCORE_PROOFS.md
product advisories add change contiang folder
2026-01-08 09:06:03 +02:00
AGENTS.md
consolidation of some of the modules, localization fixes, product advisories work, qa work
2026-03-05 03:54:22 +02:00
README.md
refactor(graph): absorb Cartographer into graph-api + wire Graph Indexer
2026-04-08 15:48:18 +03:00
StellaOps.Scanner.sln
consolidation of some of the modules, localization fixes, product advisories work, qa work
2026-03-05 03:54:22 +02:00

README.md

Scanner

Container(s): stellaops-scanner-web, stellaops-scanner-worker Slot: 8 (web + worker) | Port: 8444 (web) | Consumer Group: scanner (web) Resource Tier: heavy (web + worker)

Note: Cartographer (Slot 21) has been retired and merged into graph-api (Slot 20). See src/Graph/README.md for the merged service.

Purpose

The Scanner module performs SBOM generation, vulnerability analysis, reachability mapping, and supply-chain security scanning of container images. The web service exposes scan APIs (triage, SBOM queries, offline-kit management, replay commands), while the worker processes scan jobs from Valkey queues through a multi-stage pipeline (analyzers, EPSS enrichment, secrets detection, crypto analysis, build provenance, PoE generation, verdict push).

API Surface

  • scanner (via Router) — SBOM queries, scan submissions, triage, reachability slices, offline-kit import/export, smart-diff, policy gate evaluation
  • cartographer — RETIRED; merged into graph-api (Slot 20)

Storage

PostgreSQL schema scanner (via ScannerStorage:Postgres); RustFS object store for artifacts (scanner-artifacts bucket)

Background Workers

  • ScannerWorkerHostedService — processes scan jobs from Valkey queue
  • EpssIngestJob — EPSS score ingestion
  • EpssEnrichmentJob — live EPSS enrichment of scan results
  • EpssSignalJob — EPSS signal emission
  • FnDriftMetricsExporter — function drift metrics