stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
7503c19b8ffa7f2891e5e672f9cfbf7efa4e2efb
git.stella-ops.org/docs/05_ROADMAP.md
StellaOps Bot 7503c19b8f Add determinism tests for verdict artifact generation and update SHA256 sums script 
- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
2025-12-24 02:17:34 +02:00

1.7 KiB
Executable File
Raw Blame History

Roadmap

This repository is the source of truth for StellaOps direction. The roadmap is expressed as stable, evidence-based capability milestones (not calendar promises) so it stays correct during long audits and offline operation.

How to read this

  • Now / Next / Later are priority bands, not dates.
  • A capability is “done” when the required evidence exists and is reproducible (see docs/roadmap/maturity-model.md).

Now (Foundation)

  • Deterministic scan pipeline: image → SBOMs (SPDX 3.0.1 + CycloneDX 1.6) with stable identifiers and replayable outputs.
  • Advisory ingestion with offline-friendly mirrors, normalization, and deterministic merges.
  • VEX-first triage: OpenVEX ingestion/consensus with explainable, stable verdicts.
  • Policy gates: deterministic policy evaluation (OPA/Rego where applicable) with audit-friendly decision traces.
  • Offline Kit workflows (bundle → import → verify) with signed artifacts and deterministic indexes.

Next (Hardening)

  • Multi-tenant isolation (tenancy boundaries + RLS where applicable) and an audit trail built for replay.
  • Signing and provenance hardening: DSSE/in-toto everywhere; configurable crypto profiles (FIPS/GOST/SM) where enabled.
  • Determinism gates and replay tests in CI to prevent output drift across time and environments.

Later (Ecosystem)

  • Wider connector/plugin ecosystem, operator tooling, and SDKs.
  • Expanded graph/reachability capabilities and export/pack formats for regulated environments.

Detailed breakdown

  • docs/roadmap/README.md
  • docs/roadmap/maturity-model.md

Related high-level docs

  • docs/03_VISION.md
  • docs/04_FEATURE_MATRIX.md
  • docs/40_ARCHITECTURE_OVERVIEW.md
  • docs/24_OFFLINE_KIT.md
  • docs/key-features.md