Five‑minute Docker install
This guide spins up Stella Ops — a .NET 10 LTS back‑end with an Angular 20 UI — on a single host in ≈ 5 minutes.
Ideal for laptops or CI runners with Docker ≥ 25.
Status. The first public α (
v0.1) is due late 2025; the commands below will work once the image is tagged :0.1.0‑alpha. Follow the Road‑map for exact dates.0 · Prerequisites
| Item | Minimum | Notes |
|---|---|---|
| OS | Ubuntu 22.04 / Alma 9 | x86‑64 or arm64 |
| CPU / RAM | 2 vCPU / 2 GiB | Dev‑laptop baseline |
| Disk | 10 GiB SSD | SBOM cache |
| Docker | Engine 25 + Compose v2 | docker ‑v |
1 · Download signed Compose files
# create working dir
mkdir stella && cd $_
# grab signed files
curl -LO https://get.stella-ops.org/releases/latest/.env.example
curl -LO https://get.stella-ops.org/releases/latest/.env.example.sig
curl -LO https://get.stella-ops.org/releases/latest/docker-compose.infrastructure.yml
curl -LO https://get.stella-ops.org/releases/latest/docker-compose.infrastructure.yml.sig
curl -LO https://get.stella-ops.org/releases/latest/docker-compose.stella-ops.yml
curl -LO https://get.stella-ops.org/releases/latest/docker-compose.stella-ops.yml.sig
# verify signatures BEFORE editing
cosign verify-blob --key https://stella-ops.org/keys/cosign.pub
--signature .env.example.sig .env.example
cosign verify-blob --key https://stella-ops.org/keys/cosign.pub
--signature docker-compose.infrastructure.yml.sig docker-compose.infrastructure.yml
cosign verify-blob --key https://stella-ops.org/keys/cosign.pub
--signature docker-compose.stella-ops.yml.sig docker-compose.stella-ops.yml
# create working .env and edit credentials
cp .env.example .env
# launch databases
docker compose --env-file .env -f docker-compose.infrastructure.yml up -d
# launch Stella Ops (first run pulls ~50 MB vuln DB)
docker compose --env-file .env -f docker-compose.stella-ops.yml up -d
# Optionally can be done at any time. Add JWT token
docker --env-file .env compose -f docker-compose.stella-ops.yml exec stella set-jwt <JWT_FROM_EMAIL>
# open https://<host>:8443 (self‑signed)
# default login: admin / changeme2 · Create .env
# ─── Identity (shows in reports) ───────────────────────────────
COMPANY_NAME="Acme Corp"
ISSUER_EMAIL="ops@acme.example"
# ─── Database secrets ──────────────────────────────────────────
MONGO_INITDB_ROOT_USERNAME=stella_admin
MONGO_INITDB_ROOT_PASSWORD=$(openssl rand -base64 18)
REDIS_PASSWORD=$(openssl rand -base64 18)
# ─── Optional quota token (email token@stella‑ops.org) ─────────
STELLA_JWT="paste‑token‑here" # {{ quota_token }} scans/dayRe‑use existing Redis or MongoDB? Point
compose‑stella.yml at those hosts and keep passwords in .env.3 · Launch infra
docker compose --env-file .env -f docker-compose.infrastructure.yml pull
docker compose --env-file .env -f docker-compose.infrastructure.yml up -d4 · Launch Stella Ops
docker compose --env-file .env -f docker-compose.stella-ops.yml pull
docker compose --env-file .env -f docker-compose.stella-ops.yml up -dOpen https://<host>:8443 (self‑signed cert). Default admin login: admin / changeme.
5 · Reload the token later
# add new JWT to .env, then:
docker compose --env-file .env -f docker-compose.stella-ops.yml \
exec stella admin set-jwt <JWT_FROM_EMAIL>Quota jumps from 33 to 333 scans instantly. A gentle reminder banner appears once you hit 90% daily scan quota; after 333 scans the CLI keeps working but slows by ~10 %.
Next steps
- CI recipes — see
docs/ci/for GitHub Actions, GitLab CI and Jenkins snippets. - Air‑gap install — follow the Offline Kit guide.
- Feature overview — check the updated Features page.