- Implemented PolicyDslValidator with command-line options for strict mode and JSON output.
- Created PolicySchemaExporter to generate JSON schemas for policy-related models.
- Developed PolicySimulationSmoke tool to validate policy simulations against expected outcomes.
- Added project files and necessary dependencies for each tool.
- Ensured proper error handling and usage instructions across tools.
Stella Ops
Self‑hosted, SBOM‑first DevSecOps platform – offline‑friendly, AGPL‑3.0, free up to {{ quota_token }} scans per UTC day (soft delay only, never blocks).
Stella Ops lets you discover container vulnerabilities in < 5 s without sending a single byte outside your network.
Everything here is open‑source and versioned — when you check out a git tag, the docs match the code you are running.
🚀 Start here (first 60 minutes)
| Step | What you will learn | Doc |
|---|---|---|
| 1️⃣ | 90‑second elevator pitch & pillars | What Is Stella Ops? |
| 2️⃣ | Pain points it solves | Why Does It Exist? |
| 3️⃣ | Install & run a scan in 10 min | Install Guide |
| 4️⃣ | Components & data‑flow | High‑Level Architecture |
| 5️⃣ | Integrate the CLI / REST API | API & CLI Reference |
| 6️⃣ | Vocabulary used throughout the docs | Glossary |
📚 Complete Table of Contents
Overview
- 01 – What Is Stella Ops?
- 02 – Why Does It Exist?
- 03 – Vision & Road‑map
- 04 – Feature Matrix
Reference & concepts
- 05 – System Requirements Specification
- 07 – High‑Level Architecture
- 08 – Architecture Decision Records
- 08 – Module Architecture Dossiers
- 09 – API & CLI Reference
- 10 – Plug‑in SDK Guide
- 10 – Concelier CLI Quickstart
- 10 – BuildX Generator Quickstart
- 10 – Scanner Cache Configuration
- 30 – Excititor Connector Packaging Guide
- 31 – Aggregation-Only Contract Reference
- 30 – Developer Templates
- 11 – Authority Service
- 11 – Data Schemas
- 12 – Performance Workbook
- 13 – Release‑Engineering Playbook
- 20 – CLI AOC Commands Reference
- 60 – Policy Engine Overview
- 61 – Policy DSL Grammar
- 62 – Policy Lifecycle & Approvals
- 63 – Policy Runs & Orchestration
- 64 – Policy Engine REST API
- 65 – Policy CLI Guide
- 66 – Policy Editor Workspace
- 67 – Policy Observability
- 68 – Policy Governance & Least Privilege
- 69 – Policy Examples
- 70 – Policy FAQ
- 71 – Policy Run DTOs
- 30 – Fixture Maintenance
User & operator guides
- 14 – Glossary
- 15 – UI Guide
- 16 – Console AOC Dashboard
- 17 – Security Hardening Guide
- 18 – Coding Standards
- 19 – Test‑Suite Overview
- 21 – Install Guide
- 22 – CI/CD Recipes Library
- 23 – FAQ
- 24 – Offline Update Kit Admin Guide
- 25 – Mirror Operations Runbook
- 26 – Concelier Apple Connector Operations
- 27 – Authority Key Rotation Playbook
- 28 – Concelier CCCS Connector Operations
- 29 – Concelier CISA ICS Connector Operations
- 30 – Concelier CERT-Bund Connector Operations
- 31 – Concelier MSRC Connector – AAD Onboarding
- 36 – Launch Cutover Runbook
- 37 – Registry Token Service
- 37 – Deployment Upgrade & Rollback Runbook
- 38 – Policy Schema Export Automation
- 40 – Observability Guide (AOC)
- 41 – Telemetry Collector Deployment
- 42 – Telemetry Storage Deployment
- 43 – Authority Scopes & Tenancy
- 44 – Container Deployment (AOC)
Legal & licence
- 32 – Legal & Quota FAQ
🧹 Backlog hygiene
Imposed rule: Work of this type or tasks of this type on this component must also be applied everywhere else it should be applied.
- Aggregation-Only Contract (AOC). Ingestion services aggregate and link facts only—derived precedence, severity, and safe-fix hints live in Policy overlays and dedicated explorers. Review `../AGENTS.md` and the AOC guardrails in `aoc/aoc-guardrails.md`.
- Cartographer owns graphs. SBOM Service emits projections/events; Cartographer (`CARTO-GRAPH-21-00x`) builds graph storage, overlays, and tiles. See `ARCHITECTURE_CONCELIER.md` (Cartographer handshake section) for handoff boundaries.
- Notifier replaces legacy Notify. Sprint‑15 `StellaOps.Notify.*` tasks are frozen; use the Notifications Studio/Notifier backlogs (`NOTIFY-SVC-38..40`, `WEB-NOTIFY-3x-00x`, `CLI-NOTIFY-3x-00x`).
- Dedicated services for Vuln & Policy. Vuln Explorer work flows through src/StellaOps.VulnExplorer.Api/Console/CLI (Sprint 29); gateway routes proxy only. Policy Engine remains the sole source for precedence/suppression overlays.
- Cleanup log. The backlog consolidation summary lives in `backlog/2025-10-cleanup.md`.
© 2025 Stella Ops contributors – licensed AGPL‑3.0‑or‑later