git.stella-ops.org/docs/modules/mirror/architecture.md
StellaOps Bot e6c47c8f50 save progress
2025-12-28 23:49:56 +02:00

component_architecture_mirror.md - Stella Ops Mirror (2025Q4)

Vulnerability feed mirror and distribution service.

Scope. Architecture for Mirror: mirroring vulnerability feeds from upstream sources for offline distribution and reduced external dependencies.


0) Mission & boundaries

Mission. Provide local mirrors of vulnerability feeds (NVD, OSV, GHSA, etc.) for offline operation and reduced latency. Enable air-gapped deployments to receive updates via bundle import.

Boundaries.

  • Mirror caches upstream feeds; it does not originate vulnerability data.
  • Mirror produces bundles for air-gapped distribution.
  • Feeds are cryptographically verified before distribution.

1) Integration with Concelier

Mirror is primarily integrated as part of Concelier's federation layer:

src/Concelier/__Libraries/
 └─ StellaOps.Concelier.Federation/    # Bundle export/import for offline

The StellaOpsMirror connector in Concelier handles:

  • Upstream feed synchronization
  • Local cache management
  • Bundle generation for offline distribution

2) Bundle Format

{
  "bundleId": "mirror-nvd-2025-01-15",
  "source": "nvd",
  "timestamp": "2025-01-15T10:30:00Z",
  "contents": [
    {
      "path": "nvd/CVE-2025-*.json",
      "digest": "sha256:abc123..."
    }
  ],
  "signature": { /* DSSE envelope */ }
}
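
An added example, not code from the StellaOps repository: one way an importer on the air-gapped side could check a bundle's `contents` entries against the files it received. It assumes each `path` names one concrete file relative to the bundle root (the glob above is taken as illustrative), that digests have the form `sha256:<hex>`, that the manifest is held outside the content root, and that the DSSE signature over the manifest has already been verified; `check_bundle_contents`, `demo` and the sample file names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

def check_bundle_contents(manifest: dict, root: Path) -> list[str]:
    """Return import problems; an empty list means every entry verified."""
    problems, listed, root = [], set(), root.resolve()
    for entry in manifest.get("contents", []):
        rel, digest = entry.get("path", ""), entry.get("digest", "")
        algo, _, want = digest.partition(":")
        target = (root / rel).resolve()
        # Absolute paths, ../ traversal and symlinks out of the root all fail here.
        if target == root or not target.is_relative_to(root):
            problems.append(f"invalid path: {rel}")
            continue
        listed.add(target)
        if algo != "sha256" or len(want) != 64:
            problems.append(f"unsupported digest: {rel}")
        elif not target.is_file():
            problems.append(f"missing file: {rel}")
        elif hashlib.sha256(target.read_bytes()).hexdigest() != want.lower():
            problems.append(f"digest mismatch: {rel}")
    # A file on disk that the manifest does not list is unverified data.
    for f in sorted(root.rglob("*")):
        if f.is_file() and f.resolve() not in listed:
            problems.append(f"unlisted file: {f.relative_to(root).as_posix()}")
    return problems

def demo() -> tuple[list[str], list[str]]:
    """Constructed sample: a clean bundle directory, then the same one tampered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        feed = root / "nvd" / "sample-entry.json"  # constructed file name
        feed.parent.mkdir()
        feed.write_bytes(b'{"id": "constructed-sample"}')
        good = {"path": "nvd/sample-entry.json",
                "digest": "sha256:" + hashlib.sha256(feed.read_bytes()).hexdigest()}
        manifest = {"bundleId": "mirror-nvd-2025-01-15", "source": "nvd",
                    "contents": [good]}
        clean = check_bundle_contents(manifest, root)
        feed.write_bytes(b'{"id": "modified-in-transit"}')
        (root / "nvd" / "extra.json").write_bytes(b"{}")
        manifest["contents"].append(
            {"path": "../outside.json", "digest": "sha256:" + "0" * 64})
        return clean, check_bundle_contents(manifest, root)

if __name__ == "__main__":
    for label, result in zip(("clean", "tampered"), demo()):
        print(label, result)
```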

  • Concelier: ../concelier/architecture.md
  • AirGap: ../airgap/architecture.md
  • Provenance observers: ./provenance/observers.md