master
b97fc7685a
Some checks failed
Build Test Deploy / authority-container (push) Has been cancelled
Build Test Deploy / docs (push) Has been cancelled
Build Test Deploy / deploy (push) Has been cancelled
Build Test Deploy / build-test (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
3.2 KiB
Executable File
3.2 KiB
Executable File
Stella Ops — Frequently Asked Questions (Matrix)
Quick glance
| Question | Short answer |
|---|---|
| What is Stella Ops? | A lightning‑fast, SBOM‑first container‑security scanner written in .NET {{ dotnet }} with an Angular {{ angular }} web UI. |
| How fast is it? | Warm scans finish in < 5 s on a 4‑vCPU runner; first scans stay < 30 s. |
| Is it free? | Yes – {{ quota_anon }} scans / day anonymously. Requesting a free JWT lifts the limit to {{ quota_token }}. A gentle reminder shows at 200; exceeding the cap throttles speed but never blocks. |
| Does it run offline? | Yes — download the signed Offline Update Kit; see /offline/. |
| Can I extend it? | Yes — restart‑time plug‑ins (ISbomMutator, IVulnerabilityProvider, IResultSink, OPA Rego). Marketplace GA in v1.0. |
Road‑map (authoritative link)
The full, always‑up‑to‑date roadmap lives at https://stella‑ops.org/roadmap/.
Snapshot:
| Version | Target date | Locked‑in scope (freeze at β) |
|---|---|---|
| v0.1 α | Late 2025 | Δ‑SBOM engine, nightly re‑scan, Offline Kit v1, {{ quota_anon }}/ {{ quota_token }} quota |
| v0.2 β | Q1 2026 | Zastava forbidden‑image scanner, registry sweeper, SDK β |
| v0.3 β | Q2 2026 | YAML/Rego policy‑as‑code, SARIF output, OUK auto‑import |
| v0.4 RC | Q3 2026 | AI remediation advisor, LDAP/AD SSO, pluggable TLS providers |
| v1.0 GA | Q4 2026 | SLSA L3 provenance, signed plug‑in marketplace |
Technical matrix
| Category | Detail |
|---|---|
| Core runtime | C# 14 on .NET {{ dotnet }} |
| UI stack | Angular {{ angular }} + TailwindCSS |
| Container base | Distroless glibc (x86‑64 & arm64) |
| Data stores | MongoDB 7 (SBOM + findings), Redis 7 (LRU cache + quota) |
| Release integrity | Cosign‑signed images & TGZ, reproducible build, SPDX 2.3 SBOM |
| Extensibility | Plug‑ins in any .NET language (restart load); OPA Rego policies |
| Default quotas | Anonymous {{ quota_anon }} scans/day · JWT {{ quota_token }} |
Quota enforcement (overview)
- Counters live in Redis with 24 h keys:
quota:ip:<sha256>orquota:tid:<hash>. - Soft reminder banner at 200 daily scans.
- Past the limit: first 30 excess requests delayed 5 s; afterwards 60 s.
- Behaviour is identical online and offline (validation local).
For full flow see docs/30_QUOTA_ENFORCEMENT_FLOW1.md.
Further reading
- Install guide:
/install/ - Offline mode:
/offline/ - Security policy:
/security/ - Governance:
/governance/ - Community chat: Matrix
#stellaops:libera.chat