stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add tests for SBOM generation determinism across multiple formats

Browse Source 
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
This commit is contained in:
master
2025-12-23 18:56:12 +02:00
parent 7ac70ece71
commit bc4318ef97
88 changed files with 6974 additions and 1230 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
docs2/topic-map.md
View File

@@ -18,6 +18,10 @@ Architecture and system model
docs/modules/platform/architecture-overview.md, docs/modules/*/architecture.md
- Docs2: architecture/overview.md, architecture/workflows.md, modules/index.md
Advisory alignment
- Sources: docs/architecture/advisory-alignment-report.md
- Docs2: architecture/advisory-alignment.md
Component map
- Sources: docs/technical/architecture/component-map.md
- Docs2: architecture/component-map.md
@@ -77,7 +81,7 @@ Advisory AI
Orchestrator detail
- Sources: docs/orchestrator/*
- Docs2: orchestrator/overview.md, orchestrator/architecture.md, orchestrator/api.md,
orchestrator/cli.md, orchestrator/console.md
orchestrator/cli.md, orchestrator/console.md, orchestrator/runbook.md
Orchestrator run ledger
- Sources: docs/orchestrator/run-ledger.md
@@ -118,7 +122,10 @@ Replay and determinism
Runbooks and incident response
- Sources: docs/runbooks/*, docs/operations/*
- Docs2: operations/runbooks.md
- Docs2: operations/runbooks.md, operations/key-rotation.md,
operations/proof-verification.md, operations/score-proofs.md,
operations/reachability.md, operations/trust-lattice.md,
operations/unknowns-queue.md
Notifications
- Sources: docs/notifications/*, docs/modules/notify/*
@@ -129,7 +136,8 @@ Notifications details
docs/notifications/channels.md, docs/notifications/templates.md,
docs/notifications/digests.md, docs/notifications/pack-approvals-integration.md
- Docs2: notifications/overview.md, notifications/rules.md, notifications/channels.md,
notifications/templates.md, notifications/digests.md, notifications/pack-approvals.md
notifications/templates.md, notifications/digests.md, notifications/pack-approvals.md,
notifications/runbook.md
Router rate limiting
- Sources: docs/router/*
@@ -138,7 +146,8 @@ Router rate limiting
Release engineering and CI/DevOps
- Sources: docs/13_RELEASE_ENGINEERING_PLAYBOOK.md, docs/ci/*, docs/devops/*,
docs/release/*, docs/releases/*
- Docs2: release/release-engineering.md
- Docs2: release/release-engineering.md, release/promotion-attestations.md,
release/release-notes.md
API and contracts
- Sources: docs/09_API_CLI_REFERENCE.md, docs/api/*, docs/schemas/*,
@@ -177,7 +186,8 @@ Regulator threat and evidence model
Identity, tenancy, and scopes
- Sources: docs/security/authority-scopes.md, docs/security/scopes-and-roles.md,
docs/architecture/console-admin-rbac.md
- Docs2: security/identity-tenancy-and-scopes.md
- Docs2: security/identity-tenancy-and-scopes.md, security/multi-tenancy.md,
security/row-level-security.md
Console admin RBAC
- Sources: docs/architecture/console-admin-rbac.md
@@ -213,20 +223,26 @@ Quota and licensing
Risk model and scoring
- Sources: docs/risk/*, docs/contracts/risk-scoring.md
- Docs2: security/risk-model.md
- Docs2: security/risk-model.md, risk/overview.md, risk/factors.md, risk/formulas.md,
risk/profiles.md, risk/explainability.md, risk/api.md
Forensics and evidence locker
- Sources: docs/forensics/*, docs/evidence-locker/*
- Docs2: security/forensics-and-evidence-locker.md
- Sources: docs/forensics/*, docs/evidence-locker/*, docs/ops/evidence-locker-handoff.md
- Docs2: security/forensics-and-evidence-locker.md, security/evidence-locker-publishing.md
Timeline forensics
- Sources: docs/forensics/timeline.md
- Docs2: security/timeline.md
Provenance and transparency
- Sources: docs/provenance/*, docs/security/trust-and-signing.md,
docs/modules/attestor/*, docs/modules/signer/*
- Docs2: provenance/inline-provenance.md
- Docs2: provenance/inline-provenance.md, provenance/attestation-workflow.md,
provenance/rekor-policy.md, provenance/backfill.md
Database and persistence
- Sources: docs/db/*, docs/adr/0001-postgresql-for-control-plane.md
- Docs2: data/persistence.md
- Docs2: data/persistence.md, data/postgresql-operations.md, data/postgresql-patterns.md
Events and messaging
- Sources: docs/events/*, docs/samples/*
@@ -334,19 +350,22 @@ Vuln Explorer overview
Testing and quality
- Sources: docs/19_TEST_SUITE_OVERVIEW.md, docs/testing/*
- Docs2: testing-and-quality.md
- Docs2: testing-and-quality.md, testing/router-chaos.md
Observability and telemetry
- Sources: docs/metrics/*, docs/observability/*, docs/modules/telemetry/*,
docs/technical/observability/*
- Docs2: observability.md
- Docs2: observability.md, observability-standards.md, observability-logging.md,
observability-tracing.md, observability-metrics-slos.md, observability-telemetry-controls.md,
observability-aoc.md, observability-aggregation.md, observability-policy.md,
observability-ui-telemetry.md, observability-vuln-telemetry.md
Benchmarks and performance
- Sources: docs/benchmarks/*, docs/12_PERFORMANCE_WORKBOOK.md
- Docs2: benchmarks.md
Guides and workflows
- Sources: docs/guides/*, docs/ci/sarif-integration.md
- Sources: docs/guides/*, docs/ci/sarif-integration.md, docs/architecture/epss-versioning-clarification.md
- Docs2: guides/compare-workflow.md, guides/epss-integration.md
Examples and fixtures