Stella Ops — Frequently Asked Questions (Matrix)

Quick glance

QuestionShort answer
What is Stella Ops?A lightning‑fast, SBOM‑first container‑security scanner written in .NET 10 LTS with an Angular 20 web UI.
How fast is it?Warm scans finish in < 5 s on a 4‑vCPU runner; first scans stay < 30 s.
Is it free?Yes – 33 scans / day anonymously. Requesting a free JWT lifts the limit to 333. A gentle reminder shows at 200; exceeding the cap throttles speed but never blocks.
Does it run offline?Yes — download the signed Offline Update Kit; see /offline/.
Can I extend it?Yes — restart‑time plug‑ins (ISbomMutator, IVulnerabilityProvider, IResultSink, OPA Rego). Marketplace GA in v1.0.

Road‑map (authoritative link)

The full, always‑up‑to‑date roadmap lives at https://stella‑ops.org/roadmap/.
Snapshot:

VersionTarget dateLocked‑in scope (freeze at β)
v0.1 αLate 2025Δ‑SBOM engine, nightly re‑scan, Offline Kit v1, 33/ 333 quota
v0.2 βQ1 2026Zastava forbidden‑image scanner, registry sweeper, SDK β
v0.3 βQ2 2026YAML/Rego policy‑as‑code, SARIF output, OUK auto‑import
v0.4 RCQ3 2026AI remediation advisor, LDAP/AD SSO, pluggable TLS providers
v1.0 GAQ4 2026SLSA L3 provenance, signed plug‑in marketplace

Technical matrix

CategoryDetail
Core runtimeC# 14 on .NET 10 LTS
UI stackAngular 20 + TailwindCSS
Container baseDistroless glibc (x86‑64 & arm64)
Data storesMongoDB 7 (SBOM + findings), Redis 7 (LRU cache + quota)
Release integrityCosign‑signed images & TGZ, reproducible build, SPDX 2.3 SBOM
ExtensibilityPlug‑ins in any .NET language (restart load); OPA Rego policies
Default quotasAnonymous 33 scans/day · JWT 333

Quota enforcement (overview)

  • Counters live in Redis with 24 h keys: quota:ip:<sha256> or quota:tid:<hash>.
  • Soft reminder banner at 200 daily scans.
  • Past the limit: first 30 excess requests delayed 5 s; afterwards 60 s.
  • Behaviour is identical online and offline (validation local).

For full flow see docs/30_QUOTA_ENFORCEMENT_FLOW1.md.

Further reading

  • Install guide: /install/
  • Offline mode: /offline/
  • Security policy: /security/
  • Governance: /governance/
  • Community chat: Matrix #stellaops:libera.chat