Add determinism tests for verdict artifact generation and update SHA256 sums script
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
@@ -14,8 +14,8 @@
|
||||
| **Enterprise** | 2,000+ | SSO/Contract | Annual | Organizations (25+), regulated | Contact Sales |
|
||||
|
||||
**Key Differences:**
|
||||
- **Free → Community**: Same features, 10× quota, requires registration
|
||||
- **Community → Enterprise**: Compliance, scale, multi-team, support
|
||||
- **Free → Community**: 10× quota, deep analysis, Helm/K8s, email alerts, requires registration
|
||||
- **Community → Enterprise**: Scale (HA), multi-team (RBAC scopes), automation (CI/CD), support (SLA)
|
||||
|
||||
---
|
||||
|
||||
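Review bot: The commit message describes determinism tests for verdict artifacts and a SHA256 sums script, but this hunk (and every other hunk in the diff) edits the tier comparison document; either unrelated changes were bundled or the message is wrong, so split the commit or rewrite the message to describe the tier table changes. Within the hunk, the replacement "Free → Community" bullet now lists four concrete deltas (10× quota, deep analysis, Helm/K8s, email alerts) and the "Community → Enterprise" bullet drops "Compliance"; that is consistent with later hunks moving regional crypto into all tiers, but the context row for Enterprise still reads "SSO/Contract" under the auth column and should be revisited alongside the later Free tier changes.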
@@ -134,10 +134,10 @@
|
||||
| Trust Vector Scoring (P/C/R) | ✅ | ✅ | ✅ | |
|
||||
| Claim Strength Multipliers | ✅ | ✅ | ✅ | |
|
||||
| Freshness Decay | ✅ | ✅ | ✅ | |
|
||||
| **Conflict Detection & Penalty** | — | — | ✅ | K4 lattice logic |
|
||||
| **VEX Conflict Studio UI** | — | — | ✅ | Visual resolution |
|
||||
| Conflict Detection & Penalty | ✅ | ✅ | ✅ | K4 lattice logic |
|
||||
| VEX Conflict Studio UI | ✅ | ✅ | ✅ | Visual resolution |
|
||||
| VEX Hub (Distribution) | ✅ | ✅ | ✅ | Internal VEX network |
|
||||
| **Trust Calibration Service** | — | — | ✅ | Org-specific tuning |
|
||||
| **VEX Hub (Distribution)** | — | — | ✅ | Internal VEX network |
|
||||
|
||||
---
|
||||
|
||||
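Review bot: Moving "Conflict Detection & Penalty", "VEX Conflict Studio UI" and "VEX Hub (Distribution)" to all tiers while "Trust Calibration Service" stays Enterprise-only leaves a gap the Notes column should close: what penalty weights and trust vectors the K4 lattice logic applies in Free/Community when org-specific tuning is unavailable (presumably fixed defaults), since that determines how much a conflicting VEX statement from the internal VEX network can move a verdict. Also, the re-added VEX Hub row now sits above "Trust Calibration Service" while the removed row sat below it; keep row order stable when only tier columns change so the diff stays reviewable.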
@@ -184,17 +184,17 @@
|
||||
|
||||
## Regional Crypto (Sovereign Profiles)
|
||||
|
||||
*Compliance features for regulated industries.*
|
||||
*Sovereign crypto is core to the AGPL promise - no vendor lock-in on compliance.*
|
||||
|
||||
| Capability | Free | Community | Enterprise | Notes |
|
||||
|------------|:----:|:---------:|:----------:|-------|
|
||||
| Default Crypto (Ed25519) | ✅ | ✅ | ✅ | |
|
||||
| **FIPS 140-2/3 Mode** | — | — | ✅ | US Federal |
|
||||
| **eIDAS Signatures** | — | — | ✅ | EU Compliance |
|
||||
| **GOST/CryptoPro** | — | — | ✅ | Russia |
|
||||
| **SM National Standard** | — | — | ✅ | China |
|
||||
| **Post-Quantum (Dilithium)** | — | — | ✅ | Future-proof |
|
||||
| **Crypto Plugin Architecture** | — | — | ✅ | Custom HSM |
|
||||
| FIPS 140-2/3 Mode | ✅ | ✅ | ✅ | US Federal |
|
||||
| eIDAS Signatures | ✅ | ✅ | ✅ | EU Compliance |
|
||||
| GOST/CryptoPro | ✅ | ✅ | ✅ | Russia |
|
||||
| SM National Standard | ✅ | ✅ | ✅ | China |
|
||||
| Post-Quantum (Dilithium) | ✅ | ✅ | ✅ | Future-proof |
|
||||
| Crypto Plugin Architecture | ✅ | ✅ | ✅ | Custom HSM |
|
||||
|
||||
---
|
||||
|
||||
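Review bot: Every regional crypto row (FIPS 140-2/3, eIDAS, GOST/CryptoPro, SM, Dilithium, plugin architecture) is now ✅ for all tiers, which contradicts the "Crypto Profiles | 1 (Free/Community), 6 (Enterprise)" row in the Statistics Summary later in this diff; update that row in the same change. The "FIPS 140-2/3 Mode" note "US Federal" does not say whether the mode means a validated module or only FIPS-approved algorithm selection, which matters to anyone citing this table in a compliance claim, so a short qualifier in the Notes column would avoid over-promising. The new italic line ("Sovereign crypto is core to the AGPL promise") is a positioning statement; consider keeping the removed "Compliance features for regulated industries" descriptor next to it so the section still says what the table contains.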
@@ -339,9 +339,10 @@
|
||||
|------------|:----:|:---------:|:----------:|-------|
|
||||
| Basic Auth | ✅ | ✅ | ✅ | |
|
||||
| API Keys | ✅ | ✅ | ✅ | |
|
||||
| **SSO/SAML Integration** | — | — | ✅ | Okta, Azure AD |
|
||||
| **OIDC Support** | — | — | ✅ | |
|
||||
| **Advanced RBAC** | — | — | ✅ | Team-based |
|
||||
| SSO/SAML Integration | ✅ | ✅ | ✅ | Okta, Azure AD |
|
||||
| OIDC Support | ✅ | ✅ | ✅ | |
|
||||
| Basic RBAC | ✅ | ✅ | ✅ | User/Admin |
|
||||
| **Advanced RBAC** | — | — | ✅ | Team-based scopes |
|
||||
| **Multi-Tenant Management** | — | — | ✅ | Org hierarchy |
|
||||
| **Audit Log Export** | — | — | ✅ | SIEM integration |
|
||||
|
||||
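Review bot: "Audit Log Export" is added as Enterprise-only with the note "SIEM integration", but the table does not say whether audit logging itself exists in Free/Community; if it does, add a row for it (mirroring the new "Basic RBAC | User/Admin" row) so lower-tier operators know they can at least review events locally, and if it does not, say so, because moving SSO/SAML and OIDC into all tiers without any audit trail is a combination a security reviewer will ask about. The "Advanced RBAC" note changes from "Team-based" to "Team-based scopes" while the Key Differences bullet in the first hunk says "RBAC scopes"; align the wording.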
@@ -354,11 +355,12 @@
|
||||
| Email Notifications | — | ✅ | ✅ | |
|
||||
| In-App Notifications | ✅ | ✅ | ✅ | |
|
||||
| EPSS Change Alerts | — | ✅ | ✅ | |
|
||||
| **Slack Integration** | — | — | ✅ | Enterprise Grid |
|
||||
| **Teams Integration** | — | — | ✅ | Enterprise |
|
||||
| Slack Integration | ✅ | ✅ | ✅ | Basic |
|
||||
| Teams Integration | ✅ | ✅ | ✅ | Basic |
|
||||
| Zastava Registry Hooks | ✅ | ✅ | ✅ | Auto-scan on push |
|
||||
| **Custom Webhooks** | — | — | ✅ | Any endpoint |
|
||||
| **CI/CD Gates** | — | — | ✅ | GitLab/GitHub/Jenkins |
|
||||
| **Zastava Registry Hooks** | — | — | ✅ | Auto-scan on push |
|
||||
| **Enterprise Connectors** | — | — | ✅ | Grid/Premium APIs |
|
||||
|
||||
---
|
||||
|
||||
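Review bot: Slack and Teams integrations become all-tier with the note "Basic" while "Enterprise Connectors | Grid/Premium APIs" stays Enterprise-only, but nothing in the table defines what "Basic" excludes; add a note entry or a sentence stating the boundary so the two rows are not read as the same feature. "Zastava Registry Hooks | Auto-scan on push" is both moved (from below "CI/CD Gates" to above "Custom Webhooks") and re-tiered in one hunk; keep the row in place when only the tier columns change.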
@@ -421,10 +423,13 @@
|
||||
### Free Tier (33 scans/day)
|
||||
**Target:** Individual developers, OSS contributors, evaluation
|
||||
|
||||
- All language analyzers
|
||||
- Basic scanning and SBOM generation
|
||||
- Core determinism features
|
||||
- Basic VEX and policy
|
||||
- All language analyzers (8 languages)
|
||||
- All regional crypto (FIPS/eIDAS/GOST/SM/PQ)
|
||||
- Full VEX processing + VEX Hub + Conflict Studio
|
||||
- SSO/SAML/OIDC authentication
|
||||
- Zastava registry webhooks
|
||||
- Slack/Teams notifications
|
||||
- Core determinism + replay
|
||||
- Docker Compose deployment
|
||||
- Community support
|
||||
|
||||
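Review bot: The Free tier list now includes "SSO/SAML/OIDC authentication", "All regional crypto" and "Zastava registry webhooks", but the pricing row in the first hunk still lists "SSO/Contract" as the Enterprise auth method; update that row so SSO is not presented as an Enterprise differentiator in one place and a Free feature in another. The removed "Basic VEX and policy" bullet is replaced by "Full VEX processing + VEX Hub + Conflict Studio", which names only VEX; if policy evaluation remains part of Free, list it explicitly rather than letting it disappear from the tier description.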
@@ -434,40 +439,28 @@
|
||||
Everything in Free, plus:
|
||||
- 10× scan quota
|
||||
- Deep analysis mode
|
||||
- Binary analysis basics
|
||||
- Binary analysis (backport detection)
|
||||
- Advanced attestation predicates
|
||||
- Helm/K8s deployment
|
||||
- Email notifications
|
||||
- Monthly OUK access
|
||||
- Email notifications + EPSS alerts
|
||||
- Monthly Offline Update Kit access
|
||||
|
||||
**Registration required, 30-day token renewal**
|
||||
|
||||
### Enterprise Tier (2,000+ scans/day)
|
||||
**Target:** Organizations 25+, regulated industries, compliance-driven
|
||||
**Target:** Organizations 25+, compliance-driven, multi-team
|
||||
|
||||
Everything in Community, plus:
|
||||
- **Compliance**: Regional crypto (FIPS/eIDAS/GOST/SM), SLSA, Rekor
|
||||
- **Scale**: HA, horizontal scaling, priority queue
|
||||
- **Access**: SSO/SAML, advanced RBAC, multi-tenant
|
||||
- **Advanced**: Binary fingerprints, trust calibration, custom policies
|
||||
- **Air-Gap**: Sealed snapshots, extended offline tokens
|
||||
- **Integration**: Enterprise Slack/Teams, CI/CD gates, webhooks
|
||||
- **Support**: SLA, priority support, dedicated CSM
|
||||
- **Scale**: HA, horizontal scaling, priority queue, burst allowance
|
||||
- **Multi-Team**: Advanced RBAC (scopes), multi-tenant, org hierarchy
|
||||
- **Advanced Detection**: Binary fingerprints, trust calibration
|
||||
- **Compliance**: SLSA provenance, Rekor transparency, audit pack export
|
||||
- **Air-Gap**: Sealed snapshots, 90-day offline tokens, no-egress mode
|
||||
- **Automation**: CI/CD gates, custom webhooks, scheduled scans
|
||||
- **Observability**: OpenTelemetry, Prometheus, KPI dashboards
|
||||
- **Support**: SLA (99.9%), priority support (4hr), dedicated CSM
|
||||
|
||||
---
|
||||
|
||||
## Statistics Summary
|
||||
|
||||
| Metric | Value |
|
||||
|--------|-------|
|
||||
| **Total Features** | 150+ |
|
||||
| **Free Tier Features** | ~45 |
|
||||
| **Community Tier Features** | ~85 |
|
||||
| **Enterprise Tier Features** | 150+ |
|
||||
| **Language Analyzers** | 8 (all tiers) |
|
||||
| **Advisory Sources** | 9 (Free), 10 (Community), 11+ (Enterprise) |
|
||||
| **Crypto Profiles** | 1 (Free/Community), 6 (Enterprise) |
|
||||
|
||||
---
|
||||
|
||||
> **Legend:** ✅ = Included | — = Not available | ⏳ = Planned
|
||||
|
||||
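Review bot: The Statistics Summary is unchanged context while the lists above it move SSO, regional crypto, VEX Hub, Conflict Studio, registry hooks and Slack/Teams into Free; "~45" Free tier features and "1 (Free/Community), 6 (Enterprise)" crypto profiles cannot both still be right, so recount and update that table in this commit. In the Enterprise list, the "Compliance" bullet now names only SLSA provenance, Rekor transparency and audit pack export (correct, since regional crypto is no longer Enterprise-only), and the "Air-Gap" bullet's "90-day offline tokens" would read more clearly stated as the delta from the Community "30-day token renewal" a few lines above. The Community bullet "Monthly Offline Update Kit access" expanding "Monthly OUK access" is a good change; apply the same expansion wherever "OUK" appears elsewhere in the document.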