StellaOps Flow Documentation
This directory contains detailed end-to-end flow documentation for all major StellaOps workflows.
Flow Categories
Core Platform Flows (Existing)
| Flow | File | Description |
|---|---|---|
| Dashboard Data Flow | 01-dashboard-data-flow.md | How dashboard aggregates and displays security posture |
| Scan Submission Flow | 02-scan-submission-flow.md | End-to-end container image scan lifecycle |
| SBOM Generation Flow | 03-sbom-generation-flow.md | Multi-analyzer SBOM generation and attestation |
| Policy Evaluation Flow | 04-policy-evaluation-flow.md | K4 lattice policy evaluation with confidence scoring |
| Notification Flow | 05-notification-flow.md | Multi-channel notification delivery |
| Export Flow | 06-export-flow.md | Report and evidence bundle generation |
Advanced Flows (New)
| Flow | File | Description |
|---|---|---|
| CI/CD Gate Flow | 10-cicd-gate-flow.md | Pipeline integration with pass/fail gates |
| Advisory Drift Re-scan Flow | 11-advisory-drift-rescan-flow.md | Automatic re-evaluation on new advisories |
| VEX Auto-Generation Flow | 12-vex-auto-generation-flow.md | ML-assisted VEX statement generation |
| Evidence Bundle Export Flow | 13-evidence-bundle-export-flow.md | Auditable evidence package creation |
| Multi-Tenant Policy Rollout Flow | 14-multi-tenant-policy-rollout-flow.md | Cross-tenant policy propagation |
| Binary Delta Attestation Flow | 15-binary-delta-attestation-flow.md | Binary-level change attestation |
| Offline Sync Flow | 16-offline-sync-flow.md | Air-gapped environment synchronization |
| Exception Approval Workflow | 17-exception-approval-workflow.md | Policy exception request and approval |
| Risk Score Dashboard Flow | 18-risk-score-dashboard-flow.md | Real-time risk aggregation and display |
| Reachability Drift Alert Flow | 19-reachability-drift-alert-flow.md | Runtime reachability change detection |
Flow Documentation Format
Each flow document follows a standard structure:
- Overview - Brief description and business value
- Actors - Users, systems, and services involved
- Prerequisites - Required configuration and dependencies
- Flow Diagram - UML sequence/activity diagram
- Step-by-Step - Detailed step descriptions
- Data Contracts - Input/output schemas
- Error Handling - Failure modes and recovery
- Observability - Metrics, logs, and traces
- Related Flows - Cross-references to related workflows
Module Ownership
| Flow Category | Primary Module | Supporting Modules |
|---|---|---|
| Scanning | Scanner | Gateway, Scheduler, Attestor |
| Policy | Policy | VexLens, Concelier, Scanner |
| Advisory | Concelier | Excititor, Mirror, VexLens |
| Export | ExportCenter | EvidenceLocker, Attestor, Signer |
| Notification | Notify | Scheduler, Orchestrator |
| CI/CD | CLI | Gateway, Scanner, Policy |