StellaOps Documentation
StellaOps is a deterministic, offline-first container security platform: every verdict links back to concrete evidence (SBOM slices, advisory/VEX observations, reachability proofs, policy explain traces) and can be replayed for audits.
Two Levels of Documentation
- High-level (canonical): the curated guides in
docs/*.md. - Detailed (reference): deep dives under
docs/**(module dossiers, architecture notes, API contracts/samples, runbooks, schemas). The entry point isdocs/technical/README.md.
This documentation set is internal and does not keep compatibility stubs for old paths. Content is consolidated to reduce duplication and outdated pages.
Start Here
| Goal | Open this |
|---|---|
| Understand the product in 2 minutes | overview.md |
| Run a first scan (CLI) | quickstart.md |
| Browse capabilities | key-features.md |
| Roadmap (priorities + definition of "done") | ROADMAP.md |
| Architecture: high-level overview | ARCHITECTURE_OVERVIEW.md |
| Architecture: full reference map | ARCHITECTURE_REFERENCE.md |
| Architecture: user flows (UML) | technical/architecture/user-flows.md |
| Architecture: module matrix (46 modules) | technical/architecture/module-matrix.md |
| Architecture: data flows | technical/architecture/data-flows.md |
| Architecture: schema mapping | technical/architecture/schema-mapping.md |
| Offline / air-gap operations | OFFLINE_KIT.md |
| Security deployment hardening | SECURITY_HARDENING_GUIDE.md |
| Ingest advisories (Concelier + CLI) | CONCELIER_CLI_QUICKSTART.md |
| Develop plugins/connectors | PLUGIN_SDK_GUIDE.md |
| Console (Web UI) operator guide | UI_GUIDE.md |
| VEX consensus and issuer trust | VEX_CONSENSUS_GUIDE.md |
| Vulnerability Explorer guide | VULNERABILITY_EXPLORER_GUIDE.md |
Detailed Indexes
- Technical index (everything): docs/technical/README.md
- End-to-end workflow flows: docs/flows/ (16 detailed flow documents)
- Module dossiers: docs/modules/
- API contracts and samples: docs/api/
- Architecture notes / ADRs: docs/architecture/, docs/adr/
- Operations and deployment: docs/operations/, docs/deploy/, docs/deployment/
- Air-gap workflows: docs/airgap/
- Security deep dives: docs/security/
- Benchmarks and fixtures: docs/benchmarks/, docs/assets/
Notes
- The product is offline-first: docs and examples should avoid network dependencies and prefer deterministic fixtures.
- Feature exposure is configuration-driven; module dossiers define authoritative schemas and contracts per component.