stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
dc7c75b496c1f0b34c284bf3bda5f70544ce81dd
git.stella-ops.org/docs/examples/policies
History
master c2c6b58b41 feat: Add Promotion-Time Attestations for Stella Ops 
- Introduced a new document for promotion-time attestations, detailing the purpose, predicate schema, producer workflow, verification flow, APIs, and security considerations.
- Implemented the `stella.ops/promotion@v1` predicate schema to capture promotion evidence including image digest, SBOM/VEX artifacts, and Rekor proof.
- Defined producer responsibilities and workflows for CLI orchestration, signer responsibilities, and Export Center integration.
- Added verification steps for auditors to validate promotion attestations offline.

feat: Create Symbol Manifest v1 Specification

- Developed a specification for Symbol Manifest v1 to provide a deterministic format for publishing debug symbols and source maps.
- Defined the manifest structure, including schema, entries, source maps, toolchain, and provenance.
- Outlined upload and verification processes, resolve APIs, runtime proxy, caching, and offline bundle generation.
- Included security considerations and related tasks for implementation.

chore: Add Ruby Analyzer with Git Sources

- Created a Gemfile and Gemfile.lock for Ruby analyzer with dependencies on git-gem, httparty, and path-gem.
- Implemented main application logic to utilize the defined gems and output their versions.
- Added expected JSON output for the Ruby analyzer to validate the integration of the new gems and their functionalities.
- Developed internal observation classes for Ruby packages, runtime edges, and capabilities, including serialization logic for observations.

test: Add tests for Ruby Analyzer

- Created test fixtures for Ruby analyzer, including Gemfile, Gemfile.lock, main application, and expected JSON output.
- Ensured that the tests validate the correct integration and functionality of the Ruby analyzer with the specified gems.
2025-11-11 15:30:22 +02:00
..
baseline.md
feat: Add Promotion-Time Attestations for Stella Ops
2025-11-11 15:30:22 +02:00
baseline.stella
feat: Add Promotion-Time Attestations for Stella Ops
2025-11-11 15:30:22 +02:00
baseline.yaml
Restructure solution layout by module
2025-10-28 15:10:40 +02:00
internal-only.md
Restructure solution layout by module
2025-10-28 15:10:40 +02:00
internal-only.stella
Restructure solution layout by module
2025-10-28 15:10:40 +02:00
internal-only.yaml
Restructure solution layout by module
2025-10-28 15:10:40 +02:00
README.md
Restructure solution layout by module
2025-10-28 15:10:40 +02:00
serverless.md
Restructure solution layout by module
2025-10-28 15:10:40 +02:00
serverless.stella
Restructure solution layout by module
2025-10-28 15:10:40 +02:00
serverless.yaml
Restructure solution layout by module
2025-10-28 15:10:40 +02:00

README.md

Policy Examples

Sample stella-dsl@1 policies illustrating common deployment personas. Each example includes commentary, CLI usage hints, and a compliance checklist.

Example Description
Baseline Balanced production defaults (block critical, respect strong VEX).
Serverless Aggressive blocking for serverless workloads (no High+, pinned base images).
Internal Only Lenient policy for internal/dev environments with KEV safeguards.

Policy source files (*.stella) live alongside the documentation so you can copy/paste or use stella policy new --from file://....

Last updated: 2025-10-26.