Signals

Status: Implemented Source: src/Signals/ Owner: Policy Guild

Purpose

Signals provides evidence-weighted scoring for vulnerability findings. Aggregates evidence from reachability analysis, runtime observations, backport detection, exploit intelligence, source trust, and mitigations into a deterministic 0-100 score for rapid triage.

Components

Services:

StellaOps.Signals - Main service with evidence aggregation and scoring engine
StellaOps.Signals.Scheduler - Background scheduler for score recalculation

Libraries:

StellaOps.Signals.Storage.Postgres - PostgreSQL storage for evidence and scores
StellaOps.Signals.Storage.Postgres.Tests - Storage layer tests

Evidence Normalizers:

Reachability (RCH) - Code path reachability to vulnerable sink
Runtime (RTS) - Live observation strength (eBPF/dyld/ETW)
Backport (BKP) - Patch evidence from distro/changelog/binary
Exploit (XPL) - Exploit probability (EPSS + KEV)
Source Trust (SRC) - VEX source trustworthiness
Mitigation (MIT) - Active mitigation effectiveness

Configuration

See etc/signals.yaml.sample for configuration options.

Key settings:

PostgreSQL connection (schema: signals)
Authority integration (audiences, scopes)
Storage driver (filesystem or rustfs)
Evidence weight policies
Score guardrails and thresholds

Dependencies

PostgreSQL (schema: signals)
Authority (authentication)
Policy Engine (reachability data)
Concelier (backport detection, exploit data)
Excititor (VEX source trust)
Scanner (vulnerability findings)

Architecture: ./architecture.md
Policy Engine: ../policy/
VexLens: ../vex-lens/
High-Level Architecture: ../../07_HIGH_LEVEL_ARCHITECTURE.md

Current Status

Implemented with six evidence normalizers and deterministic scoring algorithm. Integrated with Policy Engine for reachability data and VexLens for source trust. Supports evidence decomposition and transparency.

2.0 KiB Raw Blame History