master
7b5bdcf4d3
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
34 lines
2.3 KiB
Markdown
Executable File
34 lines
2.3 KiB
Markdown
Executable File
# StellaOps Concelier & CLI
|
|
|
|
This repository hosts the StellaOps Concelier service, its plug-in ecosystem, and the
|
|
first-party CLI (`stellaops-cli`). Concelier ingests vulnerability advisories from
|
|
authoritative sources, stores them in MongoDB, and exports deterministic JSON and
|
|
Trivy DB artefacts. The CLI drives scanner distribution, scan execution, and job
|
|
control against the Concelier API.
|
|
|
|
## Quickstart
|
|
|
|
1. Prepare a MongoDB instance and (optionally) install `trivy-db`/`oras`.
|
|
2. Copy `etc/concelier.yaml.sample` to `etc/concelier.yaml` and update the storage + telemetry
|
|
settings.
|
|
3. Copy `etc/authority.yaml.sample` to `etc/authority.yaml`, review the issuer, token
|
|
lifetimes, and plug-in descriptors, then edit the companion manifests under
|
|
`etc/authority.plugins/*.yaml` to match your deployment.
|
|
4. Start the web service with `dotnet run --project src/Concelier/StellaOps.Concelier.WebService`.
|
|
5. Configure the CLI via environment variables (e.g. `STELLAOPS_BACKEND_URL`) and trigger
|
|
jobs with `dotnet run --project src/Cli/StellaOps.Cli -- db merge`.
|
|
|
|
Detailed operator guidance is available in `docs/10_CONCELIER_CLI_QUICKSTART.md`. API and
|
|
command reference material lives in `docs/09_API_CLI_REFERENCE.md`.
|
|
|
|
Pipeline note: deployment workflows should template `etc/concelier.yaml` during CI/CD,
|
|
injecting environment-specific Mongo credentials and telemetry endpoints. Upcoming
|
|
releases will add Microsoft OAuth (Entra ID) authentication support—track the quickstart
|
|
for integration steps once available.
|
|
|
|
## Documentation
|
|
|
|
- `docs/README.md` now consolidates the platform index and points to the updated high-level architecture.
|
|
- Module architecture dossiers now live under `docs/modules/<module>/`. The most relevant here are `docs/modules/concelier/ARCHITECTURE.md` (service layout, merge engine, exports) and `docs/modules/cli/ARCHITECTURE.md` (command surface, AOT packaging, auth flows). Related services such as the Signer, Attestor, Authority, Scanner, UI, Excititor, Zastava, and DevOps pipeline each have their own dossier in the same hierarchy.
|
|
- Offline operation guidance moved to `docs/24_OFFLINE_KIT.md`, which details bundle composition, verification, and delta workflows. Concelier-specific connector operations stay in `docs/modules/concelier/operations/connectors/*.md` with companion runbooks in `docs/modules/concelier/operations/`.
|