Add tests for SBOM generation determinism across multiple formats

- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
This commit is contained in: master
2025-12-23 18:56:12 +02:00
parent 7ac70ece71
commit bc4318ef97
88 changed files with 6974 additions and 1230 deletions


@@ -0,0 +1,29 @@
# Observability standards
Common envelope fields
- Trace context: trace_id, span_id, trace_flags; propagate W3C traceparent and baggage.
- Tenant and workload: tenant, workload (service), region, env, version.
- Subject: component, operation, resource (purl or uri when safe).
- Timing: UTC ISO-8601 timestamp; durations in milliseconds.
- Outcome: status (ok, error, fault, throttle), error.code, redacted error.message, retryable.
Scrubbing policy
- Denylist PII and secrets: emails, tokens, auth headers, private keys, passwords.
- Redact to "[redacted]" and add redaction.reason (secret, pii, tenant_policy).
- Hash low-cardinality identifiers with sha256 and mark hashed=true.
- Never log full request or response bodies; store hashes and lengths only.
Sampling defaults
- Traces: 10% non-prod, 5% prod; always sample error or audit spans.
- Logs: info logs rate-limited; warn and error never sampled.
- Metrics: never sampled; stable histogram buckets per component.
Redaction override
- Overrides require a ticket id and are time-bound.
- Config: telemetry.redaction.overrides and telemetry.redaction.override_ttl (default 24h).
- Emit telemetry.redaction.audit with actor, fields, and TTL.
Determinism and offline
- No external enrichers; use bundled service maps and tenant metadata only.
- Export ordering: timestamp, workload, operation.
- Always use UTC; NDJSON for log exports.
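Review bot: the scrubbing rule "Hash low-cardinality identifiers with sha256 and mark hashed=true" gives little protection on its own, because a low-cardinality value space (tenant names, usernames, short ids) can be enumerated and matched against the unkeyed digest; either state explicitly that the hash is for correlation only and not a privacy control, or require a keyed hash (e.g. HMAC with a tenant-scoped key that is itself never logged) and note how the key is rotated so that correlation across exports still works. Minor style point: "Common envelope fields", "Scrubbing policy", "Sampling defaults", "Redaction override" and "Determinism and offline" read as section titles but are plain lines under the single `# Observability standards` heading; making them `##` headings keeps the document consistent with the other markdown standards files and lets the bullet lists render as separate sections.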