Gaps fill up, fixes, ui restructuring

This commit is contained in:
master
2026-02-19 22:10:54 +02:00
parent b5829dce5c
commit 04cacdca8a
331 changed files with 42859 additions and 2174 deletions


@@ -85,6 +85,11 @@ Use these in sales conversations, marketing materials, and internal alignment.
| Trust scoring of VEX sources | P1 | 4500_0001_0002 |
| Tier 4 binary fingerprinting | P1 | 7204-7206 |
| SBOM historical lineage | P2 | 4600_0001_* |
| Signed execution evidence (trace-to-DSSE) | P2 | 20260219_013 |
| Runtime beacon attestations | P3 | 20260219_014 |
| Symbol/Debug Pack Marketplace | P1 | 20260220_001-003 |
| Privacy-Preserving Federated Telemetry | P1 | 20260220_005-009 |
| Developer-Facing Remediation Marketplace | P1 | 20260220_010-015 |
## Competitor Positioning
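Review bot: the three added rows use a third identifier style (`20260220_001-003`, `20260220_005-009`, `20260220_010-015`) next to the existing `4500_0001_0002`, `7204-7206` and `4600_0001_*` forms, so a reader cannot tell whether the dash denotes an inclusive range of sprint items or a single hyphenated ID; pick one convention for ranges (the `7204-7206` row already uses a dash, the `4600_0001_*` row a wildcard) and apply it to the new rows, or add a short legend above the table saying how to read each form.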
@@ -96,6 +101,9 @@ Use these in sales conversations, marketing materials, and internal alignment.
| **Prisma Cloud** | CNAPP breadth, graph investigation | Platform completeness | Decision integrity, deterministic replay, semantic diff |
| **Anchore** | SBOM operations maturity | SBOM storage | Lattice VEX, signed reachability, proof chains |
| **Aqua/Trivy** | Runtime protection, broad coverage | Ecosystem breadth | Forensic reproducibility, K4 logic, regional crypto |
| **Docker Scout** | DHI integration, SBOM/VEX/provenance attestations via cosign | Registry-native UX | Symbolized call-stack proofs, deterministic replay, lattice VEX, Rekor size-aware pointer strategy |
| **JFrog** | Evidence Collection centralizing signed SDLC evidence | Artifact management breadth | Deterministic scoring envelopes, function-level reachability proofs, replayable verdicts, formal VEX reasoning |
| **Oligo Security** | Runtime call-stack exploitability proofs | Runtime-only depth | Three-layer fusion (static+binary+runtime), SBOM/VEX integration, deterministic replay, offline/air-gap, signed graphs |
### Our Winning Positions
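Review bot: the differentiation cells of the three new rows (Docker Scout, JFrog, Oligo Security) are longer than the established rows and read as capability inventories rather than a counter to the specific strength named in the second column; for example the Oligo row answers "Runtime call-stack exploitability proofs" with six items, of which only "Three-layer fusion (static+binary+runtime)" directly addresses runtime-only depth. Suggest trimming each new cell to the two or three items that answer the named strength, in the style of the Prisma Cloud and Anchore rows, and keeping the full list in the numbered "Where We're Ahead" section below.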
@@ -108,11 +116,16 @@ Use these in sales conversations, marketing materials, and internal alignment.
### Where We're Ahead
1. **VEX decisioning** — K4 lattice with conflict detection; no competitor has this
1. **VEX decisioning** — K4 lattice with conflict detection; no competitor has this (including Docker Scout, JFrog)
2. **Smart-Diff** — Semantic risk deltas with priority scoring; unique
3. **Signed reachability** — DSSE graphs + edge bundles; unique
4. **Deterministic replay** — Bit-for-bit reproducibility; unique
3. **Signed reachability** — DSSE graphs + edge bundles; unique. Docker Scout/JFrog/Trivy stop at SBOM/VEX/provenance attestations
4. **Deterministic replay** — Bit-for-bit reproducibility; unique. JFrog Evidence Collection centralizes evidence but can't replay verdicts
5. **Regional crypto** — FIPS/eIDAS/GOST/SM/PQC; unique
6. **Symbolized call-stack proofs + Symbol Marketplace** — Demangled symbols, build-ID binding, OCI symbol packs as first-class referrer artifacts; no competitor has function-level symbol evidence. The Symbol Marketplace adds source trust scoring (freshness/signature/coverage/SLA), browsable catalog with DSSE-verified install, and multi-provider federation (Microsoft Symbols, debuginfod distros, partner feeds)
7. **Privacy-Preserving Federated Telemetry** — Differential privacy (Laplacian noise, epsilon budget) + k-anonymity over federated runtime signals with DSSE-signed consent proofs; no competitor has privacy-safe cross-site exploit intelligence sharing. Network-effect moat.
8. **Developer-Facing Remediation Marketplace** — Signed-PR fix attestations verified against reachability proof deltas with contributor trust scoring; no competitor has PR-level fix verification tied to reachability evidence. Six-module integration depth.
9. **Rekor size-aware pointer strategy** — Hash pointer in transparency log + full payload in vault; addresses real Rekor ~100KB upload constraints that competitors ignore
10. **Deterministic signed scoring envelopes** — Seeded, replayable score computation with DSSE-signed intermediates; competitors sign evidence but not deterministic scoring traces
### Where Competitors Lead (For Now)
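Review bot: item 7 should say "Laplace noise" rather than "Laplacian noise"; the differential-privacy mechanism referenced (noise drawn from a Laplace distribution, scaled by sensitivity over epsilon) is the Laplace mechanism, and "Laplacian" usually denotes the differential operator, which will read as a terminology slip to a technical buyer. While editing that line, the trailing fragments "Network-effect moat." (item 7) and "Six-module integration depth." (item 8) are not sentences; either fold them into the preceding clause or drop them. The expanded items 1, 3 and 4 now name competitors in absolute terms ("no competitor has this", "unique"); since the next heading already carries a "(For Now)" qualifier, consider the same dated qualifier here so the claims stay defensible as the compared products change.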
@@ -159,4 +172,4 @@ stella scan --offline --image <digest>
---
**Last Updated**: 2026-01-03
**Last Updated**: 2026-02-19
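Review bot: the new stamp `2026-02-19` is one day earlier than the `20260220_*` sprint identifiers added to the gaps table in this same commit; if those IDs are intentionally dated to the following sprint day, fine, but if the stamp is meant to reflect the latest referenced planning item it should read `2026-02-20`. Either way, a one-line note of what the stamp tracks (document edit date vs. latest referenced sprint) would prevent the question on the next update.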