- Added detailed task completion records for KMS interface implementation and CLI support for file-based keys.
- Documented security enhancements including Argon2id password hashing, audit event contracts, and rate limiting configurations.
- Included scoped service support and integration updates for the Plugin platform, ensuring proper DI handling and testing coverage.

37 lines · 5.1 KiB · Markdown · Executable File

# 4 · Feature Matrix — **Stella Ops**  
*(rev 2.0 · 14 Jul 2025)*

> **Looking for a quick read?** Check [`key-features.md`](key-features.md) for the short capability cards; this matrix keeps full tier-by-tier detail.

| Category               | Capability                            | Free Tier (≤ 333 scans / day) | Community Plug‑in | Commercial Add‑On   | Notes / ETA                                |
| ---------------------- | ------------------------------------- | ----------------------------- | ----------------- | ------------------- | ------------------------------------------ |
| **SBOM Ingestion**     | Trivy‑JSON, SPDX‑JSON, CycloneDX‑JSON | ✅                             | —                 | —                   | Auto‑detect on upload                      |
|                        | **Delta‑SBOM Cache**                  | ✅                             | —                 | —                   | Warm scans < 1 s                           |
| **Scanning**           | CVE lookup via local DB               | ✅                             | —                 | —                   | Update job ships weekly feeds              |
|                        | Licence‑risk detection                | ⏳ (roadmap Q4‑2025)           | —                 | —                   | SPDX licence list                          |
| **Policy Engine**      | YAML rules                            | ✅                             | —                 | —                   | In‑UI editor                               |
|                        | OPA / Rego                            | ⏳ (β Q1‑2026)                 | ✅ plug‑in         | —                   | Plug‑in enables Rego                       |
| **Registry**           | Anonymous internal registry           | ✅                             | —                 | —                   | `StellaOps.Registry` image                 |
| **Attestation**        | Cosign signing                        | ⏳ (Q1‑2026)                   | —                 | —                   | Requires `StellaOpsAttestor`               |
|                        | SLSA provenance v1.0                  | —                             | —                 | ⏳ (commercial 2026) | Enterprise need                            |
|                        | Rekor transparency log                | —                             | ✅ plug‑in         | —                   | Air‑gap replica support                    |
| **Quota & Throttling** | {{ quota_token }} scans/day soft limit | ✅                            | —                 | —                   | Yellow banner at 200, wait‑wall post‑limit |
|                        | Usage API (`/quota`)                  | ✅                             | —                 | —                   | CI can poll remaining scans                |
| **User Interface**     | Dark / light mode                     | ✅                             | —                 | —                   | Auto‑detect OS theme                       |
|                        | Additional locale (Cyrillic)          | ✅                             | —                 | —                   | Default if `Accept‑Language: bg` or any other |
|                        | Audit trail                           | ✅                             | —                 | —                   | Mongo history                              |
| **Deployment**         | Docker Compose bundle                 | ✅                             | —                 | —                   | Single‑node                                |
|                        | Helm chart (K8s)                      | ✅                             | —                 | —                   | Horizontal scaling                         |
|                        | High‑availability split services      | —                             | —                 | ✅ (Add‑On)          | HA Redis & Mongo                           |
| **Extensibility**      | .NET hot‑load plug‑ins                | ✅                             | N/A               | —                   | AGPL reference SDK                         |
|                        | Community plug‑in marketplace         | —                             | ⏳ (β Q2‑2026)     | —                   | Moderated listings                         |
| **Telemetry**          | Opt‑in anonymous metrics              | ✅                             | —                 | —                   | Required for quota satisfaction KPI        |
| **Quota & Tokens**     | **Client‑JWT issuance**               | ✅ (online 12 h token)         | —                 | —                   | `/connect/token`                           |
|                        | **Offline Client‑JWT (30 d)**         | ✅ via OUK                     | —                 | —                   | Refreshed monthly in OUK                   |

> **Legend:** ✅ = Included ⏳ = Planned — = Not applicable  
> Rows marked “Commercial Add‑On” are optional paid components shipping outside the AGPL‑core; everything else is FOSS.

---
*Last updated: 14 Jul 2025 (quota rev 2.0).*