git.stella-ops.org/docs/modules/vuln-explorer

StellaOps Vulnerability Explorer

Vulnerability Explorer delivers policy-aware triage, investigation, and reporting surfaces for effective findings.

Latest updates (2025-11-30)

• Documentation refresh aligned to sprint 0334: added observability/runbook snapshot and cross-links to OpenAPI draft (./api.md) and schemas in architecture.md.
• New offline-friendly observability runbook at runbooks/observability.md plus stub Grafana JSON in runbooks/dashboards/.
• Retained 2025-11-03 access-control changes; verify Authority scopes before enabling attachment uploads (docs/updates/2025-11-03-vuln-explorer-access-controls.md).

Responsibilities

• Present policy-evaluated findings with advisory, VEX, SBOM, and runtime context.
• Capture triage workflow in an immutable findings ledger with role-based access.
• Provide pivots, exports, and reports for auditors and operations teams.
• Integrate explain traces, remediation notes, and offline bundles.

Key components

• Findings Ledger service + API.
• Console module and CLI verbs for triage workflows.
• Export integrations for reports and evidence packages.

Integrations & dependencies

• Policy Engine for effective findings streams.
• Concelier/Excititor for evidence provenance.
• Scheduler for remediation/verification jobs.
• Notify for triage notifications.

Operational notes

• Audit logging per Epic 6 requirements.
• Offline-ready CSV/PDF exports with deterministic hashes.
• Dashboards for MTTR and triage throughput.
• Observability runbook and dashboard stub: see runbooks/observability.md and runbooks/dashboards/vuln-explorer-observability.json (import locally).

Epic alignment

• Epic 6: Vulnerability Explorer.
• VULN stories tracked in ../../TASKS.md and src/VulnExplorer/**/TASKS.md.