git.stella-ops.org/devops
master b97bffc430 Sprint 1: Scanner entry point + vulnerability navigation (S1-T01 to T07)
S1-T01: Add "Scan Image" to sidebar under Security > Security Posture children
  - New nav item with scanner:read scope, route /security/scan

S1-T02: Create Scan Image page (scan-submit.component.ts)
  - Image reference input, force rescan toggle, metadata fields
  - Submits POST /api/v1/scans/, polls for status every 3s
  - Shows progress badges (queued/scanning/completed/failed)
  - "View findings" link on completion
  - Route registered in security.routes.ts

S1-T04: Rename "Triage" to "Vulnerabilities" in sidebar + breadcrumbs
  - Sidebar label: Triage → Vulnerabilities
  - Route title and breadcrumb data updated
  - Internal route /triage/artifacts unchanged

S1-T05: Add 10 security terms to command palette quick actions
  - Scan image, View vulnerabilities, Search CVE, View findings,
    Create release, View audit log, Run diagnostics, Configure
    advisory sources, View promotions, Check policy gates

S1-T06: Add CTA buttons to Security Posture page
  - "Scan an Image" (primary) → /security/scan
  - "View Active Findings" (secondary) → /triage/artifacts

S1-T07: Gateway routes for scanner endpoints
  - /api/v1/scans → scanner.stella-ops.local (ReverseProxy)
  - /api/v1/scan-policies → scanner.stella-ops.local (ReverseProxy)
  - Added to both compose mount and source appsettings

Angular build: 0 errors.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 14:27:47 +02:00

DevOps

Deployment infrastructure for StellaOps.

Stack

| Component    | Technology      |
|--------------|-----------------|
| Database     | PostgreSQL 18.1 |
| Cache/Queue  | Valkey 9.0.1    |
| Storage      | RustFS          |
| Transparency | Rekor v2        |

Structure

devops/
├── compose/           # Docker Compose files
├── helm/              # Kubernetes Helm chart
├── docker/            # Dockerfiles
├── runtime-assets/    # Runtime data assets (ML models, JDK, Ghidra, certs)
├── database/          # PostgreSQL migrations
├── scripts/           # Operational scripts
├── offline/           # Air-gap support
├── telemetry/         # Alerts & dashboards
├── logging/           # Log config templates
├── release/           # Release tools
├── releases/          # Release manifests
├── secrets/           # Secret templates
└── tools/             # Validation scripts

Runtime Data Assets

Services require certain files at runtime that are not produced by dotnet publish or npm run build: ML model weights, JDK/Ghidra for binary analysis, certificates, and more. Before building Docker images or creating offline bundles, run:

./devops/runtime-assets/acquire.sh --all      # download and verify
./devops/runtime-assets/acquire.sh --verify   # check existing assets
./devops/runtime-assets/acquire.sh --package  # create air-gap tarball

See devops/runtime-assets/README.md for the full inventory and provisioning guide.
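The `--verify` step above matters for supply-chain integrity: model weights, a JDK or Ghidra tarball and CA certificates are executed or trusted by the services, so anything that was altered or that went missing between download and image build should fail the build. The following POSIX shell function is an added illustration of such a check and is not the project's `acquire.sh`. It assumes a manifest in the `<sha256>  <relative path>` format that GNU `sha256sum` emits and reads; the manifest path, asset directory and file names in the demo are constructed for the example.

```shell
#!/bin/sh
# Illustrative runtime-asset checksum verifier (added example, not the
# project's acquire.sh). Assumes GNU coreutils sha256sum and a manifest of
# "<sha256>  <relative path>" lines.

# verify_manifest MANIFEST ASSET_DIR
# Returns 0 when every listed file exists and its digest matches,
# 1 otherwise. Each file's state is printed so an operator can see
# exactly which asset is missing or altered.
verify_manifest() {
    manifest="$1"
    asset_dir="$2"
    status=0
    while read -r expected path; do
        [ -z "$expected" ] && continue              # skip blank lines
        case "$expected" in \#*) continue ;; esac   # skip comment lines
        file="$asset_dir/$path"
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"
            status=1
            continue
        fi
        actual=$(sha256sum "$file" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $path"
            status=1
        else
            echo "OK       $path"
        fi
    done < "$manifest"
    return "$status"
}

# Constructed demo: build a tiny asset tree plus manifest, verify it,
# then tamper with one file and verify again. Prints "clean=0 dirty=1".
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/assets/models"
    printf 'model-weights-v1\n' > "$tmp/assets/models/weights.bin"
    printf 'ca-cert-pem\n'      > "$tmp/assets/ca.pem"
    ( cd "$tmp/assets" && sha256sum models/weights.bin ca.pem ) > "$tmp/manifest.sha256"

    if verify_manifest "$tmp/manifest.sha256" "$tmp/assets"; then clean=0; else clean=1; fi

    printf 'tampered\n' > "$tmp/assets/models/weights.bin"     # simulate alteration
    if verify_manifest "$tmp/manifest.sha256" "$tmp/assets"; then dirty=0; else dirty=1; fi

    rm -rf "$tmp"
    echo "clean=$clean dirty=$dirty"
}
```

Run `demo` to see both outcomes; in a build pipeline the verifier would be invoked as `verify_manifest manifest.sha256 devops/runtime-assets || exit 1` before any `docker build`, so a mismatch stops the image from being produced rather than being discovered at runtime.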

Quick Start

# Local stack
docker compose -f devops/compose/docker-compose.stella-ops.yml up -d

# With telemetry
docker compose -f devops/compose/docker-compose.stella-ops.yml \
               -f devops/compose/docker-compose.telemetry.yml up -d

# Kubernetes
helm install stellaops devops/helm/stellaops \
  -f devops/helm/stellaops/values-prod.yaml \
  -n stellaops --create-namespace

Compose Files

| File                 | Purpose           |
|----------------------|-------------------|
| stella-ops.yml       | Main stack        |
| telemetry.yml        | Observability     |
| testing.yml          | CI infrastructure |
| compliance-china.yml | SM2/SM3/SM4       |
| compliance-russia.yml| GOST              |
| compliance-eu.yml    | eIDAS             |