stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
7b01c7d6acd233c1fdfac71cad09fd266be6bfc9
git.stella-ops.org/docs/implplan/archived/updates/2025-10-cleanup.md
master 7b01c7d6ac
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
feat: Add comprehensive product advisories for improved scanner functionality 
- Introduced a blueprint for explainable quiet alerts, detailing phases for SBOM, VEX readiness, and attestations.
- Developed a roadmap for deterministic diff-aware rescans, enhancing scanner speed and efficiency.
- Implemented a hash-based SBOM layer cache to optimize container scans by reusing previous results.
- Created a multi-runtime reachability corpus to validate function-level reachability across various programming languages.
- Proposed a stable SBOM model using SPDX 3.0.1 for persistence and CycloneDX 1.6 for interchange.
- Established a validation plan for quiet scans, focusing on provenance and CI integration.
- Documented guidelines for the Findings Ledger module, outlining roles, execution rules, and testing protocols.
2025-11-17 00:09:26 +02:00

2.3 KiB
Raw Blame History

Backlog Cleanup — 26 October 2025

This note captures the Sprint backlog hygiene pass applied on 26 October 2025. The goal was to eliminate legacy tasks that violated the aggregation-only contract (AOC), duplicated scope, or conflicted with the current module ownership map.

Summary

  • Console replaces legacy Angular UI. Sprint 13 UI tasks (UI-SCANS-13-002, UI-VEX-13-003, UI-ADMIN-13-004, UI-SCHED-13-005) are retired. Console Sprint 23 (CONSOLE-CORE-23-001..005, CONSOLE-FEAT-23-101..109, CONSOLE-REL-23-301..303) owns the experience.
  • Policy CLI runtime verbs consolidated. CLI-RUNTIME-13-005 is superseded by CLI-POLICY-20-002 and Policy Studio flows (CLI-POLICY-27-00x).
  • Notifier supersedes legacy Notify. modules.* All Sprint 15 StellaOps.Notify.* tasks are archived. Replacement work lives in Notifications Studio / Notifier Sprints 3840 (NOTIFY-SVC-38-00x, NOTIFY-SVC-39-00x, NOTIFY-SVC-40-00x, plus WEB/CLI-NOTIFY-3x-00x).
  • Graph platform realigned. Cartographer backlog items are archived; Graph Indexer + Graph API own graph storage, overlays, and explorer flows. Update open work to reference GRAPH-* tasks and the governance note in docs/devops/contracts-and-rules.md.
  • Dedicated Vuln Explorer service. Gateway/UI/CLI entries that attempted to inline Vuln Explorer logic (WEB-GRAPH-24-003, UI-GRAPH-24-005, CLI-VULN-24-003) now defer to Sprint 29 Vuln Explorer (VULN-API-29-00x, CONSOLE-VULN-29-00x, CLI-VULN-29-00x).
  • AOC enforcement. Ingestion-layer tasks attempting to compute derived severity/safe-fix metadata (CONCELIER-VULN-29-003, EXCITITOR-VULN-29-003) were removed; the Policy Engine overlay backlog (POLICY-ENGINE-29-001..003) is the canonical home.
  • CI/Offline adjustments. DEVOPS-UI-13-006 and DEVOPS-OFFLINE-18-003 moved under Console release tasks (CONSOLE-QA-23-401, DEVOPS-CONSOLE-23-001, CONSOLE-REL-23-302).

Follow-up

  • Update module task boards only under their active backlogs (src/Notifier/StellaOps.Notifier, Cartographer, Vuln Explorer).
  • Ensure future ingestion tasks reference AOC guardrails and avoid derived semantics.
  • Cross-check correspoding sprint file ../implplan/SPRINT_*.md after adding new tasks to keep tables consistent with module TASKS.md files.