stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity
Files
691028fe6982aa129aebb8ad201da450b8df0a10
git.stella-ops.org/docs/key-features.md
Vladimir Moushkov 691028fe69
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
feat: Document completed tasks across multiple components 
- Added completed tasks documentation for Scheduler WebService, ImpactIndex, Models, Queue, Storage.Mongo, Worker, Signals, Signer, UI, Zastava.Observer, Zastava.Webhook, Zastava.Core, Cryptography.Kms, Cryptography, and Plugin.
- Each task includes ID, status, owners, dependencies, descriptions, and exit criteria to ensure clarity and traceability.
- Enhanced integration and unit testing coverage across various components to validate functionality and compliance with specifications.
2025-10-30 18:20:31 +02:00

2.7 KiB
Raw Blame History

Key Features Capability Cards

Each card is a fast read pairing the headline capability with the evidence that backs it and why it matters day to day.

1. Delta SBOM Engine

  • What it is: Layer-aware ingestion keeps the SBOM catalog content-addressed; rescans only fetch new layers and update dependency/vulnerability cartographs.
  • Evidence: Deterministic Replay Manifest (SRM) captures the exact analyzer inputs/outputs per layer.
  • Why it matters: Warm scans drop below one second, so CI/CD pipelines stay fast even under the free-tier quota.

2. Lattice Policy + OpenVEX

  • What it is: Policy engine merges SBOM, advisories, VEX, and waivers through lattice logic that prioritises exploitability.
  • Evidence: OpenVEX is treated as first-class input; the policy UI renders explain traces, while custom rule packs let teams automate muting, expirations, and non-VEX alert logic.
  • Why it matters: Teams can distinguish exploitable risk from noise, tune the experience beyond VEX statements, and prove why a deployment was blocked or allowed.

3. Sovereign Crypto Profiles

  • What it is: Bring-your-own trust bundles that switch signing algorithms (FIPS, eIDAS, GOST, SM) without code changes.
  • Evidence: Crypto profiles travel with Offline Update Kits and post-quantum trust packs, keeping signatures verifiable in regulated sectors.
  • Why it matters: You meet regional crypto requirements while keeping provenance attestations consistent across tenants.

4. Deterministic Replay & Evidence Bundles

  • What it is: Every scan produces a DSSE + SRM bundle that can be replayed with stella replay.
  • Evidence: Replay manifests capture analyzer versions, lattice state, and attestations in content-addressed storage for audit trails.
  • Why it matters: Auditors and incident responders can re-run a historical scan and trust the findings were not tampered with.

5. Transparent Quotas & Offline Operations

  • What it is: Redis-backed counters surface {{ quota_token }} scans/day via headers, UI banners, and /quota API; Offline Update Kits mirror feeds.
  • Evidence: Quota tokens verify locally using bundled public keys, and Offline Update Kits include mirrored advisories, SBOM feeds, and VEX sources.
  • Why it matters: You stay within predictable limits, avoid surprise throttling, and operate entirely offline when needed.

Explore Further