efa33efdbc
Sprint 2 — Registry image search (S2-T01/T02/T03):
Harbor plugin: SearchRepositoriesAsync + ListArtifactsAsync calling
Harbor /api/v2.0/search and /api/v2.0/projects/*/repositories/*/artifacts
Platform endpoint: GET /api/v1/registries/images/search proxies to
Harbor fixture, returns aggregated RegistryImage[] response
Frontend: release-management.client.ts now calls /api/v1/registries/*
instead of the nonexistent /api/registry/* path
Gateway route: /api/v1/registries → platform (ReverseProxy)
Sprint 3 — Workflow chain links (S3-T01/T02/T03/T05):
S3-T01: Integration detail health tab shows "Scan your first image"
CTA after successful registry connection test
S3-T02: Scan submit page already had "View findings" link (verified)
S3-T03: Triage findings detail shows "Check policy gates" banner
after recording a VEX decision
S3-T05: Promotions list + detail show "Review blocking finding"
link when promotion is blocked by gate failure
Sprint 5 — Unified security data (S5-T01):
Security Posture now queries VULNERABILITY_API for triage stats
Risk Posture card shows real finding count from triage (was hardcoded 0)
Risk label computed from triage severity breakdown (GUARDED→HIGH)
Blocking Items shows critical+high counts from triage
"View in Vulnerabilities workspace" drilldown link added
Angular build: 0 errors. .NET builds: 0 errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
DevOps
Deployment infrastructure for StellaOps.
Stack
| Component | Technology |
|---|---|
| Database | PostgreSQL 18.1 |
| Cache/Queue | Valkey 9.0.1 |
| Storage | RustFS |
| Transparency | Rekor v2 |
Structure
devops/
├── compose/ # Docker Compose files
├── helm/ # Kubernetes Helm chart
├── docker/ # Dockerfiles
├── runtime-assets/ # Runtime data assets (ML models, JDK, Ghidra, certs)
├── database/ # PostgreSQL migrations
├── scripts/ # Operational scripts
├── offline/ # Air-gap support
├── telemetry/ # Alerts & dashboards
├── logging/ # Log config templates
├── release/ # Release tools
├── releases/ # Release manifests
├── secrets/ # Secret templates
└── tools/ # Validation scripts
Runtime Data Assets
Services require certain files at runtime that are not produced by dotnet publish
or npm run build: ML model weights, JDK/Ghidra for binary analysis, certificates,
and more. Before building Docker images or creating offline bundles, run:
./devops/runtime-assets/acquire.sh --all # download and verify
./devops/runtime-assets/acquire.sh --verify # check existing assets
./devops/runtime-assets/acquire.sh --package # create air-gap tarball
See devops/runtime-assets/README.md for the full inventory and provisioning guide.
Quick Start
# Local stack
docker compose -f devops/compose/docker-compose.stella-ops.yml up -d
# With telemetry
docker compose -f devops/compose/docker-compose.stella-ops.yml \
-f devops/compose/docker-compose.telemetry.yml up -d
# Kubernetes
helm install stellaops devops/helm/stellaops \
-f devops/helm/stellaops/values-prod.yaml \
-n stellaops --create-namespace
Compose Files
| File | Purpose |
|---|---|
stella-ops.yml |
Main stack |
telemetry.yml |
Observability |
testing.yml |
CI infrastructure |
compliance-china.yml |
SM2/SM3/SM4 |
compliance-russia.yml |
GOST |
compliance-eu.yml |
eIDAS |