Community
Stella Ops Suite is a release control center for Docker images (non-Kubernetes estates). If you care about SBOM determinism, reachability proofs, evidence exports, and controlled rollouts — contributions are welcome.
High-leverage ways to help
1) Operators & platform teams
We want feedback and test cases for:
- → Docker/Compose deployments on real hosts
- → SSH/WinRM target providers (agentless estates)
- → ECS / Nomad execution paths
- → A/B, canary, rollback flows with evidence export
Start: /install/ and /how-it-works/
2) Security engineers
We want review and test coverage for:
- → Hybrid reachability proofs (static + manifest + optional runtime traces)
- → VEX handling, issuer trust / conflict resolution
- → Evidence replay (same inputs → same outputs)
- → Policy gates and "why blocked?" traces
See: /security/ and /evidence/
3) Integration builders
We want connectors and hardening for:
- → SCM/CI and registry events
- → Secrets and service discovery (Vault / Consul)
- → CVE / advisory feeds and VEX sources (pluggable providers)
- → Export formats and audit ingestion
See: /features/ and /docs/
Where code and issues live
Primary forge (self-hosted Gitea): git.stella-ops.org
Governance rules: /governance/
Secure communication
Project keys are pinned at /keys/. Security-sensitive reports should be sent to /security/ (PGP-supported).