stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
df5984d07ee1592a53d8d6c29e90b4443364b7ae
git.stella-ops.org/docs/23_FAQ_MATRIX.md

62 lines
3.2 KiB
Markdown
Executable File
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# StellaOps — Frequently Asked Questions (Matrix)
## Quick glance
| Question | Short answer |
|----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| WhatisStellaOps? | A lightningfast, SBOMfirst containersecurity scanner written in **.NET {{ dotnet }}** with an **Angular {{ angular }}** web UI. |
| How fast is it? | Warm scans finish in **\<5s** on a 4vCPU runner; first scans stay **\<30s**. |
| Is it free? | Yes **{{ quota_anon }} scans/day** anonymously. Requesting a free JWT lifts the limit to **{{ quota_token }}**. A gentle reminder shows at 200; exceeding the cap throttles speed but never blocks. |
| Does it run offline? | Yes — download the signed **Offline Update Kit**; see `/offline/`. |
| Can I extend it? | Yes — restarttime plugins (`ISbomMutator`, `IVulnerabilityProvider`, `IResultSink`, OPA Rego). Marketplace GA inv1.0. |
---
## Roadmap (authoritative link)
The full, alwaysuptodate roadmap lives at <https://stellaops.org/roadmap/>.
Snapshot:
| Version | Target date | Lockedin scope (freeze at β) |
|---------|-------------|--------------------------------|
| **v0.1 α** | *Late2025* | ΔSBOM engine, nightly rescan, Offline Kit v1, {{ quota_anon }}/{{ quota_token }} quota |
| **v0.2 β** | Q12026 | *Zastava* forbiddenimage scanner, registry sweeper, SDK β |
| **v0.3 β** | Q22026 | YAML/Rego policyascode, SARIF output, OUK autoimport |
| **v0.4 RC** | Q32026 | AI remediation advisor, LDAP/AD SSO, pluggable TLS providers |
| **v1.0 GA** | Q42026 | SLSA L3 provenance, signed plugin marketplace |
---
## Technical matrix
| Category | Detail |
|----------|--------|
| **Core runtime** | C# 14 on **.NET {{ dotnet }}** |
| **UI stack** | **Angular {{ angular }}** + TailwindCSS |
| **Container base** | Distroless glibc (x8664 & arm64) |
| **Data stores** | MongoDB 7 (SBOM + findings), Redis 7 (LRU cache + quota) |
| **Release integrity** | Cosignsigned images & TGZ, reproducible build, SPDX 2.3 SBOM |
| **Extensibility** | Plugins in any .NET language (restart load); OPA Rego policies |
| **Default quotas** | Anonymous **{{ quota_anon }}scans/day** · JWT **{{ quota_token }}** |
---
## Quota enforcement (overview)
* Counters live in Redis with 24h keys: `quota:ip:<sha256>` or `quota:tid:<hash>`.
* Soft reminder banner at 200 daily scans.
* Past the limit: first 30 excess requests delayed5s; afterwards 60s.
* Behaviour is identical online and offline (validation local).
For full flow see `docs/30_QUOTA_ENFORCEMENT_FLOW1.md`.
---
## Further reading
* **Install guide:** `/install/`
* **Offline mode:** `/offline/`
* **Security policy:** `/security/`
* **Governance:** `/governance/`
* **Community chat:** Matrix `#stellaops:libera.chat`
Reference in New Issue View Git Blame Copy Permalink