Installation Guide

1 · Docker (connected host)

docker run --rm -it \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v $HOME/.cache/stella:/data \
  registry.stella-ops.org/stella-ops/stella-ops:latest \
  scan <image>

Example: scan alpine:3.20
First run downloads the vulnerability DB (~50 MB). Core services are built with .NET 10 LTS and the web UI ships as a static Angular 20 bundle inside the image.

2 · Offline Update Kit (air‑gap)

The α release ships with a signed Offline Update Kit tarball that contains all container images, CVE feeds and the pre‑indexed database. Transfer the file and import it like so:

curl -LO https://get.stella-ops.org/ouk/stella-ops-offline-update-kit‑2025-v0.1a.tar.gz
curl -LO https://get.stella-ops.org/ouk/stella-ops-offline-update-kit‑2025-v0.1a.sig

cosign verify-blob \
  --key https://stella-ops.org/keys/cosign.pub \
  --signature stella-ops-offline-update-kit‑2025-v0.1a.sig \
  stella-ops-offline-update-kit‑2025-v0.1a.tar.gz

docker compose --env-file .env -f docker-compose.stella-ops.yml \
  exec stella admin import-offline-update-kit stella-ops-offline-update-kit‑2025-v0.1a.tar.gz

Import verifies both the Cosign signature and the embedded manifest.spdx.json.

3 · (Optional) request a free quota token

Without any registration you can run 33 scans per UTC‑day. Email token@stella-ops.org from any address and our bot will reply with a signed JWT that lifts the quota to 333 scans per day. Above 90% daily scan quota the UI slows by ~10 % and shows a friendly “support the project” banner.

docker compose --env-file .env -f docker-compose.stella-ops.yml \
  exec stella-ops stella set-jwt <JWT_FROM_EMAIL>