Add tests for SBOM generation determinism across multiple formats
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism. - Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions. - Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests. - Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
This commit is contained in:
master
22
docs2/observability-vuln-telemetry.md
Normal file
22
docs2/observability-vuln-telemetry.md
Normal file
@@ -0,0 +1,22 @@
|
||||
# Vuln explorer telemetry
|
||||
|
||||
Purpose
|
||||
- Define metrics, logs, traces, and dashboards for vulnerability triage.
|
||||
|
||||
Planned metrics (pending final identifiers)
|
||||
- findings_open_total
|
||||
- mttr_seconds
|
||||
- triage_actions_total
|
||||
- report_generation_seconds
|
||||
|
||||
Planned logs
|
||||
- Fields: findingId, artifactId, advisoryId, policyVersion, actor, actionType.
|
||||
- Deterministic JSON with correlation IDs.
|
||||
|
||||
Planned traces
|
||||
- Spans for triage actions and report generation.
|
||||
- Sampling follows global tracing defaults; errors always sampled.
|
||||
|
||||
Assets and hashes
|
||||
- Capture metrics, logs, traces, and dashboard exports with SHA256SUMS.
|
||||
- Store assets under docs/assets/vuln-explorer/ once available.
|
||||
Reference in New Issue
Block a user