stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add determinism tests for verdict artifact generation and update SHA256 sums script

Browse Source 
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
This commit is contained in:
StellaOps Bot
2025-12-24 02:17:34 +02:00
parent e59921374e
commit 7503c19b8f
390 changed files with 37389 additions and 5380 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
docs/05_ROADMAP.md
View File

@@ -1,6 +1,34 @@
# Roadmap
Milestones are maintained on the project website.
👉 <https://stellaops.org/roadmap/>
_This stub exists to satisfy historic links._
# Roadmap
This repository is the source of truth for StellaOps direction. The roadmap is expressed as stable, evidence-based capability milestones (not calendar promises) so it stays correct during long audits and offline operation.
## How to read this
- **Now / Next / Later** are priority bands, not dates.
- A capability is “done” when the required evidence exists and is reproducible (see `docs/roadmap/maturity-model.md`).
## Now (Foundation)
- Deterministic scan pipeline: image → SBOMs (SPDX 3.0.1 + CycloneDX 1.6) with stable identifiers and replayable outputs.
- Advisory ingestion with offline-friendly mirrors, normalization, and deterministic merges.
- VEX-first triage: OpenVEX ingestion/consensus with explainable, stable verdicts.
- Policy gates: deterministic policy evaluation (OPA/Rego where applicable) with audit-friendly decision traces.
- Offline Kit workflows (bundle → import → verify) with signed artifacts and deterministic indexes.
## Next (Hardening)
- Multi-tenant isolation (tenancy boundaries + RLS where applicable) and an audit trail built for replay.
- Signing and provenance hardening: DSSE/in-toto everywhere; configurable crypto profiles (FIPS/GOST/SM) where enabled.
- Determinism gates and replay tests in CI to prevent output drift across time and environments.
## Later (Ecosystem)
- Wider connector/plugin ecosystem, operator tooling, and SDKs.
- Expanded graph/reachability capabilities and export/pack formats for regulated environments.
## Detailed breakdown
- `docs/roadmap/README.md`
- `docs/roadmap/maturity-model.md`
## Related high-level docs
- `docs/03_VISION.md`
- `docs/04_FEATURE_MATRIX.md`
- `docs/40_ARCHITECTURE_OVERVIEW.md`
- `docs/24_OFFLINE_KIT.md`
- `docs/key-features.md`