stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity
Files
f57b18b6e530a79f0c11a359b31787a9564f3e64
git.stella-ops.org/docs/modules/concelier/operations/connectors/adobe.md
master 607ce619fe feat(concelier): multi-sprint batch (mirror domain + advisory sources + durable runtime + credentials) 
Bundled commit covering pre-session work from multiple Concelier sprints
already archived or in-flight:
- SPRINT_20260419_006: mirror domain / source key validation
- SPRINT_20260419_029 / 030: durable jobs orchestrator runtime + endpoint verification
- SPRINT_20260421_001: advisory source projection truthful counts
- SPRINT_20260421_002: FE advisory source consistency (connector-side bits)
- SPRINT_20260421_003: advisory connector runtime alignment
- SPRINT_20260422_003: source credential entry paths (in-flight)

Includes connector internals (ACSC / Adobe / CERT-BUND / Chromium / Cisco /
CVE-KEV / GHSA / JVN / KISA / MSRC / Oracle / Ubuntu), source management
endpoints, mirror domain management, federation endpoints, topology setup,
job registration, and associated dossier updates under
docs/modules/concelier/.

This commit groups ~229 file changes that accumulated across the above
sprints; individual changes are preserved at file granularity so blame
remains useful.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 16:05:53 +03:00

1.6 KiB
Raw Blame History

Concelier Adobe PSIRT Connector - Operations Runbook

Last updated: 2026-04-22

1. Overview

The Adobe connector ingests Adobe PSIRT advisories and maps them to canonical IDs. The canonical runtime source ID is adobe.

2. Authentication

  • No authentication required for public advisories.

3. Configuration paths

Primary operator path:

  • Web UI: Security Posture -> Configure Sources or Ops -> Operations -> Feeds & Airgap -> Configure Sources
  • CLI: 
    stella db connectors configure adobe \
  --server https://concelier.example.internal \
  --set indexUri=https://mirror.example.internal/adobe/security-bulletin.html

The Adobe connector does not require credentials. Use the UI/CLI configuration path only when overriding the canonical Adobe public index or supplying additional mirror or index URIs.

Compatibility fallback (concelier.yaml):

concelier:
  sources:
    adobe:
      indexUri: "https://helpx.adobe.com/security/security-bulletin.html"
      additionalIndexUris: []
      initialBackfill: "90.00:00:00"
      windowOverlap: "3.00:00:00"
      maxEntriesPerFetch: 100

4. Offline and air-gapped deployments

  • Mirror the Adobe index and detail pages into the Offline Kit.
  • Repoint indexUri and additionalIndexUris to the mirrored allowlisted endpoints.

5. Common failure modes

  • Adobe changes the bulletin index HTML layout or detail-table structure
  • Historic bulletin pages disappear or move without redirects
  • Operators mirror detail pages but forget to mirror the index page that seeds discovery