Build your own extensions
Stella Ops loads optional plug‑ins at start‑up, so you can inject custom scanners, policy engines and result exporters while the core stays a single auditable binary.
Why bother with a plug‑in SDK?
- Custom risk models — inject organisation‑specific scoring or compliance rules without maintaining a fork.
- Future‑proofing — swap in new vulnerability feeds or SBOM formats as standards change.
- Performance isolation — optional heavy logic (e.g. AI prioritisation) runs in its own module while the core scan path stays sub‑second.
Where you can plug in
| Hook | Purpose | Interface | Load mode |
|---|---|---|---|
| SBOM‑Enricher | Add metadata before scan (e.g. licences) | ISbomMutator | Start‑up |
| Scanner Engine | Analyse a new ecosystem (e.g. Rust Crates) | IVulnerabilityProvider | Start‑up |
| Policy Engine | Custom pass/fail rules | OPA Rego | Start‑up |
| Result Exporter | Send findings to external systems | IResultSink | Start‑up |
No hot‑plug yet. Modules are loaded once during service boot; live reloading will be revisited after v1.0.
SDK availability — v0.2 β (Q1 2026)
Early adopters can already browse the stella‑ops‑sdk branch; the binary interface will freeze when v0.2 is tagged.
5‑minute quick‑start (C# /.NET 10 LTS)
- Create a class‑library project: `dotnet new classlib -n HelloWorld.Plugin`
- Add the SDK NuGet: `dotnet add package StellaOps.SDK --version 0.2.0-preview`
- Implement `IResultSink` or any other interface.
- Publish and copy the DLLs into `/opt/stella/plugins/HelloWorld/`.
- Restart the scanner; start‑up logs confirm your module is loaded.
Full tutorial lives in §30 Plug‑in Guide.
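As an added example of the "Implement IResultSink" step (illustrative code, not the project's own): a sink that appends findings at or above a severity threshold to an NDJSON file that a downstream SIEM can tail. The member and type names (ExportAsync, ScanResult, Finding, Severity, the StellaOps.SDK namespace, the HELLOWORLD_SINK_PATH variable and the default output path) are assumed placeholders; the binding contract is the one on the stella‑ops‑sdk branch.

```csharp
// Illustrative IResultSink plug-in (added example, not Stella Ops code).
// ASSUMPTION: ExportAsync, ScanResult, Finding and Severity are placeholder
// shapes; the binding contract is the one on the stella-ops-sdk branch.
using System;
using System.IO;
using System.Linq;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using StellaOps.SDK; // assumed namespace of the StellaOps.SDK package

namespace HelloWorld.Plugin;

public sealed class NdjsonFileSink : IResultSink
{
    // The module runs as stella-plugin (UID 1001) under a confining
    // SELinux/AppArmor profile, so only write where that user is allowed to.
    private readonly string _outputPath =
        Environment.GetEnvironmentVariable("HELLOWORLD_SINK_PATH")
        ?? "/var/lib/stella/plugins/helloworld/findings.ndjson"; // assumed path

    // Minimum severity to forward; lower findings stay in the core's store.
    private readonly Severity _minSeverity = Severity.High;
    public async Task ExportAsync(ScanResult result, CancellationToken ct)
    {
        var rows = result.Findings
            .Where(f => f.Severity >= _minSeverity)
            .Select(f => JsonSerializer.Serialize(new
            {
                scanId = result.ScanId,
                target = result.Target,
                id = f.Id,
                severity = f.Severity.ToString(),
                package = f.PackageName,
            }));
        try
        {
            // Append-only, one JSON object per line, so a SIEM can tail it.
            await File.AppendAllLinesAsync(_outputPath, rows, ct);
        }
        catch (IOException ex)
        {
            // A failing exporter must never abort the scan; log and let the
            // core keep its own copy of the results.
            Console.Error.WriteLine($"[{nameof(NdjsonFileSink)}] export failed: {ex.Message}");
        }
    }
}
```

Build with `dotnet publish`, copy the output into `/opt/stella/plugins/HelloWorld/`, and confirm the load line in the start‑up log after restarting the scanner.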
Security boundaries
- Plug‑ins run as Linux user `stella‑plugin` (UID 1001).
- SELinux / AppArmor profile limits filesystem and network.
- cgroup quotas cap CPU and RAM to protect the core.
Monolith‑leaning, micro‑service‑ready
Stella Ops ships as a single .NET 10 executable, yet every functional slice (scanner, DB‑merger, pre‑/post hooks) is isolated behind an interface. Extracting a slice into its own container usually takes a day: compile the plug‑in as a self‑contained worker, expose the gRPC contract, point the core at the socket — done.
Architectural deep‑dive: docs/10_ARCHITECTURE_OVERVIEW.md.