master
b97fc7685a
Some checks failed
Build Test Deploy / authority-container (push) Has been cancelled
Build Test Deploy / docs (push) Has been cancelled
Build Test Deploy / deploy (push) Has been cancelled
Build Test Deploy / build-test (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
35 lines
5.0 KiB
Markdown
Executable File
35 lines
5.0 KiB
Markdown
Executable File
# 4 · Feature Matrix — **Stella Ops**
|
||
*(rev 2.0 · 14 Jul 2025)*
|
||
|
||
| Category | Capability | Free Tier (≤ 333 scans / day) | Community Plug‑in | Commercial Add‑On | Notes / ETA |
|
||
| ---------------------- | ------------------------------------- | ----------------------------- | ----------------- | ------------------- | ------------------------------------------ |
|
||
| **SBOM Ingestion** | Trivy‑JSON, SPDX‑JSON, CycloneDX‑JSON | ✅ | — | — | Auto‑detect on upload |
|
||
| | **Delta‑SBOM Cache** | ✅ | — | — | Warm scans < 1 s |
|
||
| **Scanning** | CVE lookup via local DB | ✅ | — | — | Update job ships weekly feeds |
|
||
| | Licence‑risk detection | ⏳ (roadmap Q4‑2025) | — | — | SPDX licence list |
|
||
| **Policy Engine** | YAML rules | ✅ | — | — | In‑UI editor |
|
||
| | OPA / Rego | ⏳ (β Q1‑2026) | ✅ plug‑in | — | Plug‑in enables Rego |
|
||
| **Registry** | Anonymous internal registry | ✅ | — | — | `StellaOps.Registry` image |
|
||
| **Attestation** | Cosign signing | ⏳ (Q1‑2026) | — | — | Requires `StellaOpsAttestor` |
|
||
| | SLSA provenance v1.0 | — | — | ⏳ (commercial 2026) | Enterprise need |
|
||
| | Rekor transparency log | — | ✅ plug‑in | — | Air‑gap replica support |
|
||
| **Quota & Throttling** | {{ quota_token }} scans/day soft limit | ✅ | — | — | Yellow banner at 200, wait‑wall post‑limit |
|
||
| | Usage API (`/quota`) | ✅ | — | — | CI can poll remaining scans |
|
||
| **User Interface** | Dark / light mode | ✅ | — | — | Auto‑detect OS theme |
|
||
| | Additional locale (Cyrillic) | ✅ | — | — | Default if `Accept‑Language: bg` or any other |
|
||
| | Audit trail | ✅ | — | — | Mongo history |
|
||
| **Deployment** | Docker Compose bundle | ✅ | — | — | Single‑node |
|
||
| | Helm chart (K8s) | ✅ | — | — | Horizontal scaling |
|
||
| | High‑availability split services | — | — | ✅ (Add‑On) | HA Redis & Mongo |
|
||
| **Extensibility** | .NET hot‑load plug‑ins | ✅ | N/A | — | AGPL reference SDK |
|
||
| | Community plug‑in marketplace | — | ⏳ (β Q2‑2026) | — | Moderated listings |
|
||
| **Telemetry** | Opt‑in anonymous metrics | ✅ | — | — | Required for quota satisfaction KPI |
|
||
| **Quota & Tokens** | **Client‑JWT issuance** | ✅ (online 12 h token) | — | — | `/connect/token` |
|
||
| | **Offline Client‑JWT (30 d)** | ✅ via OUK | — | — | Refreshed monthly in OUK |
|
||
|
||
> **Legend:** ✅ = Included ⏳ = Planned — = Not applicable
|
||
> Rows marked “Commercial Add‑On” are optional paid components shipping outside the AGPL‑core; everything else is FOSS.
|
||
|
||
---
|
||
*Last updated: 14 Jul 2025 (quota rev 2.0).*
|