stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
691028fe6982aa129aebb8ad201da450b8df0a10
git.stella-ops.org/docs/quickstart.md
Vladimir Moushkov 691028fe69
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
feat: Document completed tasks across multiple components 
- Added completed tasks documentation for Scheduler WebService, ImpactIndex, Models, Queue, Storage.Mongo, Worker, Signals, Signer, UI, Zastava.Observer, Zastava.Webhook, Zastava.Core, Cryptography.Kms, Cryptography, and Plugin.
- Each task includes ID, status, owners, dependencies, descriptions, and exit criteria to ensure clarity and traceability.
- Enhanced integration and unit testing coverage across various components to validate functionality and compliance with specifications.
2025-10-30 18:20:31 +02:00

94 lines
3.6 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Quickstart First Scan in Five Minutes
> **Status:** public α image ships late2025 (`registry.stella-ops.org/stella-ops/stella-ops:0.1.0-alpha`). Commands below are ready the moment the tag lands.
## 0. Prerequisites (1 min)
| Requirement | Minimum | Notes |
|-------------|---------|-------|
| OS | Ubuntu22.04 LTS / Alma9 | x8664 or arm64 |
| Docker | Engine25 + Composev2 | `docker -v` |
| Resources | 2vCPU / 2GiB RAM / 10GiB SSD | Fits developer laptops |
| TLS trust | Built-in self-signed or your own certs | Replace `/certs` before production |
Keep Redis and MongoDB bundled unless you already operate managed instances.
## 1. Download the signed bundles (1 min)
```bash
curl -LO https://get.stella-ops.org/docker-compose.infrastructure.yml
curl -LO https://get.stella-ops.org/docker-compose.infrastructure.yml.sig
curl -LO https://get.stella-ops.org/docker-compose.stella-ops.yml
curl -LO https://get.stella-ops.org/docker-compose.stella-ops.yml.sig
cosign verify-blob \
--key https://stella-ops.org/keys/cosign.pub \
--signature docker-compose.infrastructure.yml.sig \
docker-compose.infrastructure.yml
cosign verify-blob \
--key https://stella-ops.org/keys/cosign.pub \
--signature docker-compose.stella-ops.yml.sig \
docker-compose.stella-ops.yml
```
*Air-gapped?* The [Offline Update Kit](24_OFFLINE_KIT.md) ships these files plus feeds and plug-ins.
## 2. Configure `.env` (1 min)
Create `.env` with the essentials:
```dotenv
STELLA_OPS_COMPANY_NAME="Acme Corp"
STELLA_OPS_DEFAULT_ADMIN_USERNAME="admin"
STELLA_OPS_DEFAULT_ADMIN_PASSWORD="change-me!"
MONGO_INITDB_ROOT_USERNAME=stella_admin
MONGO_INITDB_ROOT_PASSWORD=$(openssl rand -base64 18)
MONGO_URL=mongodb
REDIS_PASSWORD=$(openssl rand -base64 18)
REDIS_URL=redis
```
Use existing Redis/Mongo endpoints by setting `MONGO_URL` and `REDIS_URL`. Keep credentials scoped to StellaOps; Redis counters enforce the transparent quota (`{{ quota_token }}` scans/day).
## 3. Launch services (1 min)
```bash
docker compose --env-file .env -f docker-compose.infrastructure.yml up -d
docker compose --env-file .env -f docker-compose.stella-ops.yml up -d
```
- `StellaOps.Authority` issues short-lived OpToks for CLI/UI.
- `StellaOps.Scanner` hosts `/scan`, queues work to Workers.
- `StellaOps.Policy.Engine` and `StellaOps.Concelier` start with seeded policies, feeds sync in the background.
## 4. Run your first scan (1 min)
```bash
stella auth login --device-code
stella scan image \
--image registry.stella-ops.org/demo/juice-shop:latest \
--sbom-type cyclonedx-json
```
- Expect `<5s` warm scans once the Delta SBOM cache is primed.
- CLI exits non-zero if lattice policy blocks the image; use `stella policy explain --last` for context.
- Headers `X-Stella-Quota-Remaining` and the UI banner keep quota usage transparent.
## 5. Verify & explore (1 min)
- Check the Console (`https://localhost:8443`) to view findings, VEX evidence, and deterministic replay manifests.
- Export the DSSE bundle: `stella export run --format dsse`.
- Capture evidence for audit: `stella attest bundle --output demo.dsse.json`.
### Sovereign mode in one click
- Import the Offline Update Kit (`stella offline-kit import ./stella-ouk-2025-alpha.tar.gz`) to replace every external feed.
- Apply a CryptoProfile (`stella authority crypto apply ./profiles/fips.yaml`) to swap signing algorithms without rebuilding.
### Next steps
- Harden the deployment with [`17_SECURITY_HARDENING_GUIDE.md`](17_SECURITY_HARDENING_GUIDE.md).
- Explore feature highlights in [`key-features.md`](key-features.md).
- Plan the rollout using the [evaluation checklist](evaluate/checklist.md).
Reference in New Issue View Git Blame Copy Permalink