SBOM & Advisory Sample List · Vulnerability Parity · 2025-12-09
Use this list for PG-T5b.3–5b.4 parity runs (Mongo vs Postgres). Keep counts deterministic and freeze inputs once finalized.
Advisory sample (10k advisories)
- Source selection: e.g., NVD 2025-08 snapshot, OSV 2025-09, vendor feeds.
- Selection method: deterministic (sorted by source + advisory key); document exact query.
- Export path:
- SHA256 of export:
SBOM sample set
| # | SBOM path | Ecosystem | Size | Hash (SHA256) | Notes |
|---|---|---|---|---|---|
| 1 | docs/scripts/sbom-vex/sbom.json | npm | ~95 KB | | Deterministic compose sample used in sbom-vex proof. |
| 2 | | go | | | TODO: pick Go SBOM fixture; store under docs/db/reports/assets/vuln-parity-20251211/. |
| 3 | | pypi | | | TODO: pick Python SBOM fixture. |
| 4 | | maven | | | TODO: pick Java/Maven SBOM fixture. |
| 5 | | rpm/deb | | | TODO: pick OS package SBOM fixture (if available). |
Determinism guardrails
- Do not change the sample set after hashes are recorded.
- Store exports under docs/db/reports/assets/vuln-parity-20251211/ with hash manifest.
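One way to implement the deterministic selection (sorted by source + advisory key) and the hash manifest described above. This is an added example, not this project's own tooling; the record fields, the `advisories.jsonl` file name and the placeholder advisory keys are assumptions made for illustration.

```python
import hashlib
import json
import random

def canonical(record):
    # Stable serialization: sorted keys, fixed separators, no ASCII escaping.
    return json.dumps(record, sort_keys=True, separators=(",", ":"), ensure_ascii=False)

def select_advisories(advisories, limit):
    # Sort by source + advisory key; the canonical form breaks ties so that
    # duplicate keys with different content cannot reorder between runs.
    ordered = sorted(advisories, key=lambda a: (a["source"], a["key"], canonical(a)))
    return ordered[:limit]

def export_bytes(selected):
    # JSON Lines, UTF-8, LF line endings, trailing newline.
    return "".join(canonical(a) + "\n" for a in selected).encode("utf-8")

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def build_manifest(files):
    # files: {relative path: bytes}; output uses the `sha256sum` text format.
    return "".join(f"{sha256_hex(files[p])}  {p}\n" for p in sorted(files))

def verify_manifest(manifest, files):
    # Returns paths that are missing, changed, or absent from the manifest.
    recorded = {}
    for line in manifest.splitlines():
        digest, path = line.split("  ", 1)
        recorded[path] = digest
    drift = [p for p, h in recorded.items() if p not in files or sha256_hex(files[p]) != h]
    drift += [p for p in files if p not in recorded]
    return sorted(drift)

# Constructed sample records (placeholder keys, not real advisories).
SAMPLE = [
    {"source": "osv", "key": "SAMPLE-0002", "severity": "high"},
    {"source": "nvd", "key": "SAMPLE-0003", "severity": "low"},
    {"source": "nvd", "key": "SAMPLE-0001", "severity": "medium"},
    {"source": "vendor", "key": "SAMPLE-0004", "severity": "high"},
]

def demo():
    shuffled = SAMPLE[:]
    random.shuffle(shuffled)  # input order must not affect the export hash
    a = export_bytes(select_advisories(SAMPLE, 3))
    b = export_bytes(select_advisories(shuffled, 3))
    manifest = build_manifest({"advisories.jsonl": a})
    return sha256_hex(a) == sha256_hex(b), verify_manifest(manifest, {"advisories.jsonl": b + b"x"})
```

Running the same selection against both the Mongo and Postgres exports and comparing the manifest digests gives a single pass/fail signal for input drift before any parity counts are compared.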