7b01c7d6ac
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Introduced a blueprint for explainable quiet alerts, detailing phases for SBOM, VEX readiness, and attestations. - Developed a roadmap for deterministic diff-aware rescans, enhancing scanner speed and efficiency. - Implemented a hash-based SBOM layer cache to optimize container scans by reusing previous results. - Created a multi-runtime reachability corpus to validate function-level reachability across various programming languages. - Proposed a stable SBOM model using SPDX 3.0.1 for persistence and CycloneDX 1.6 for interchange. - Established a validation plan for quiet scans, focusing on provenance and CI integration. - Documented guidelines for the Findings Ledger module, outlining roles, execution rules, and testing protocols.
949 B
949 B
2025-10-26 — Authority graph scopes documentation refresh
Summary
- Documented least-privilege guidance for the new
graph:*scopes indocs/11_AUTHORITY.md(scope mapping, tenant propagation, and DPoP expectations). - Extended the sample client table/config to include Cartographer and Graph API registrations so downstream teams can copy/paste the correct defaults.
- Highlighted the requirement to consume
StellaOpsScopesconstants instead of hard-coded scope strings across services.
Next steps
| Team | Follow-up | Target |
|---|---|---|
| Authority Core | Ensure /jwks changelog references graph scope rollout in next release note. |
2025-10-28 |
| Graph API Guild | Update gateway scaffolding to request scopes from StellaOpsScopes once the host project lands. |
Sprint 21 stand-up |
| Scheduler Guild | Confirm Cartographer client onboarding uses the new sample secret templates. | Sprint 21 stand-up |