45 lines
1.2 KiB
Markdown
45 lines
1.2 KiB
Markdown
# IssuerDirectory
|
|
|
|
**Status:** Implemented
|
|
**Source:** `src/IssuerDirectory/`
|
|
**Owner:** VEX Guild
|
|
|
|
## Purpose
|
|
|
|
IssuerDirectory maintains a trust registry of CSAF publishers and VEX statement issuers. Provides discovery, validation, and trust scoring for upstream vulnerability advisories and VEX statements.
|
|
|
|
## Components
|
|
|
|
**Services:**
|
|
- `StellaOps.IssuerDirectory` - Main service for issuer registry management and API
|
|
|
|
## Configuration
|
|
|
|
See `etc/issuer-directory.yaml.sample` for configuration options.
|
|
|
|
Key settings:
|
|
- PostgreSQL connection (schema: `issuer_directory`)
|
|
- Authority integration settings
|
|
- Issuer discovery endpoints
|
|
- Trust validation policies
|
|
- CSAF provider metadata validation
|
|
|
|
## Dependencies
|
|
|
|
- PostgreSQL (schema: `issuer_directory`)
|
|
- Authority (authentication)
|
|
- Concelier (consumes issuer metadata)
|
|
- VexHub (consumes issuer trust data)
|
|
- VexLens (trust scoring integration)
|
|
|
|
## Related Documentation
|
|
|
|
- Architecture: `./architecture.md`
|
|
- Concelier: `../concelier/`
|
|
- VexHub: `../vexhub/`
|
|
- VexLens: `../vex-lens/`
|
|
|
|
## Current Status
|
|
|
|
Implemented with CSAF publisher discovery and validation. Supports issuer metadata storage and trust registry queries. Integrated with VEX ingestion pipeline.
|