consolidation of some of the modules, localization fixes, product advisories work, qa work

This commit is contained in:
master
2026-03-05 03:54:22 +02:00
parent 7bafcc3eef
commit 8e1cb9448d
3878 changed files with 72600 additions and 46861 deletions


@@ -42,7 +42,7 @@ for sbom, vex in zip(SBOMS, VEXES):
- CVSS delta σ vs reference; VEX stability (σ_after ≤ σ_before).
## Deliverables
- Harness at `src/Bench/StellaOps.Bench/Determinism` (offline-friendly mock scanner included).
- Harness at `src/Tools/StellaOps.Bench/Determinism` (offline-friendly mock scanner included).
- `results/*.csv` with per-run hashes plus `summary.json` determinism rate.
- `results/inputs.sha256` listing SBOM, VEX, and config hashes (deterministic ordering).
- `bench/reachability/dataset.sha256` listing reachability corpus inputs (graphs, runtime traces) when running combined bench.
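Review bot: The last Deliverables bullet still points at `bench/reachability/dataset.sha256`, a path that is not rooted at the harness directory this hunk moves to `src/Tools/StellaOps.Bench/Determinism`, so a reader cannot tell which tree it belongs to after the move. Please confirm the path is still valid after the consolidation, and state what it and the `results/*.csv` and `results/inputs.sha256` bullets are relative to (for example, "relative to the harness directory").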
@@ -57,7 +57,7 @@ for sbom, vex in zip(SBOMS, VEXES):
## How to run (local)
```sh
cd src/Bench/StellaOps.Bench/Determinism
cd src/Tools/StellaOps.Bench/Determinism
# Run determinism bench (uses built-in mock scanner by default; defaults to 10 runs)
python run_bench.py --sboms inputs/sboms/*.json --vex inputs/vex/*.json \
@@ -78,8 +78,8 @@ Outputs are written to `results.csv` (determinism), `results-reach.csv`/`results
## Offline/air-gap workflow
1. Place feeds bundle (see `src/Bench/StellaOps.Bench/Determinism/inputs/feeds/README.md`), SBOMs, VEX, and optional reachability corpus under `offline/inputs/` with matching `inputs.sha256` and (if reachability) `dataset.sha256`. A sample `inputs/inputs.sha256` is provided for the bundled demo SBOM/VEX/config.
2. Run `./offline_run.sh --inputs offline/inputs --output offline/results` (script lives under `src/Bench/StellaOps.Bench/Determinism`) to execute benches without network (defaults: runs=10, threshold=0.95; manifest verification on). Use `--no-verify` to skip hash checks if manifests are absent.
1. Place feeds bundle (see `src/Tools/StellaOps.Bench/Determinism/inputs/feeds/README.md`), SBOMs, VEX, and optional reachability corpus under `offline/inputs/` with matching `inputs.sha256` and (if reachability) `dataset.sha256`. A sample `inputs/inputs.sha256` is provided for the bundled demo SBOM/VEX/config.
2. Run `./offline_run.sh --inputs offline/inputs --output offline/results` (script lives under `src/Tools/StellaOps.Bench/Determinism`) to execute benches without network (defaults: runs=10, threshold=0.95; manifest verification on). Use `--no-verify` to skip hash checks if manifests are absent.
3. Store outputs plus manifests in Offline Kit; include DSSE envelope if signing is enabled (`./sign_results.sh`).
## Notes
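Review bot: Step 2 of the offline workflow keeps "Use `--no-verify` to skip hash checks if manifests are absent" as is, while step 3 stores the outputs in the Offline Kit and optionally signs them with `./sign_results.sh`; nothing says whether a run made with `--no-verify` may be stored or signed. Since both steps are being edited here anyway, consider adding a sentence that results produced without manifest verification must be marked as such (or kept out of the Offline Kit), so that a DSSE envelope over the results is not read as covering verified inputs.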