stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
aa70af062e4565ca7a457e73764485b1523298f5
git.stella-ops.org/docs/modules/issuer-directory/README.md
StellaOps Bot 0103defcff docs consolidation work
2025-12-25 19:09:48 +02:00

1.2 KiB
Raw Blame History

IssuerDirectory

Status: Implemented Source: src/IssuerDirectory/ Owner: VEX Guild

Purpose

IssuerDirectory maintains a trust registry of CSAF publishers and VEX statement issuers. Provides discovery, validation, and trust scoring for upstream vulnerability advisories and VEX statements.

Components

Services:

  • StellaOps.IssuerDirectory - Main service for issuer registry management and API

Configuration

See etc/issuer-directory.yaml.sample for configuration options.

Key settings:

  • PostgreSQL connection (schema: issuer_directory)
  • Authority integration settings
  • Issuer discovery endpoints
  • Trust validation policies
  • CSAF provider metadata validation

Dependencies

  • PostgreSQL (schema: issuer_directory)
  • Authority (authentication)
  • Concelier (consumes issuer metadata)
  • VexHub (consumes issuer trust data)
  • VexLens (trust scoring integration)

Related Documentation

  • Architecture: ./architecture.md
  • Concelier: ../concelier/
  • VexHub: ../vexhub/
  • VexLens: ../vex-lens/

Current Status

Implemented with CSAF publisher discovery and validation. Supports issuer metadata storage and trust registry queries. Integrated with VEX ingestion pipeline.