What makes Stella Ops different ?
A short, opinionated list of the features other scanners don’t ship — and the release where you can expect each one. For the exhaustive list see the Road‑map.
Stand‑out capabilities
- Δ‑SBOM diff engine — re‑analyses only new layers; warm‑path scans finish in less than 5 s. α (v0.1)
- FeedMerge service — merges global + regional vulnerability feeds into a local DB snapshot. α (v0.1)
- Modular .NET core — start‑up‑time plug‑ins with a public SDK; hot‑plug arrives post‑1.0. α (v0.1)
- Angular 20 UI — dashboard, reports, settings & admin modules baked in from day 1. α (v0.1)
- Nightly auto‑re‑scan of previously "clean" SBOMs against fresh CVE data. β (v0.2)
- Private‑registry sweeper — crawls your internal Docker/OCI registry on a cron. β (v0.2)
- Policy‑as‑code — YAML/Rego policies for scanning and gating. β (v0.3)
- Zastava scanner — blocks non‑approved base images in running environments. β (v0.3)
- Cosign‑signed releases + attested SBOMs — OCI attestations (Buildx) for provenance. β (v0.3)
- Air‑gap ready — see
Offline Kit. β (v0.3) - AI Fix‑advisor — natural‑language suggestions and one‑click pull‑requests. GA (v1.0)
- TLS policy: TLS 1.3 baseline with pluggable sovereign providers (like SM2/SM3 or as law jurisdiction). GA (v1.0)
- LDAP / AD single‑sign‑on for enterprises. GA (v1.0)
Wondering how we stack up against the market? Read “Why Stella Ops”.