git.stella-ops.org/docs/benchmarks/scanner/windows-macos-demand.md
master b1e78fe412
feat: Implement vulnerability token signing and verification utilities
- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys.
- Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries.
- Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads.
- Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options.
- Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads.
- Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features.
- Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.
2025-11-03 10:04:10 +02:00


Windows / macOS Analyzer Demand Capture

Current competitive posture

  • Trivy coverage tables enumerate Linux family distributions only (Alpine, Wolfi, Chainguard, Debian/Ubuntu, RHEL/Alma/Rocky, SUSE, Photon, Amazon, Bottlerocket) with no mention of Windows or macOS package managers (source: /tmp/trivy-docs/docs/docs/coverage/os/index.md).
  • Grype matchers target Linux ecosystems via Syft catalogers (APK, DPKG/APT, RPM, Portage, Bitnami) with no coverage for Windows Installer, MSI, Chocolatey, or macOS Homebrew/App bundles (source: /tmp/grype-data/grype/matcher/{apk,dpkg,rpm}/matcher.go).
  • Snyk CLI focuses on container, open source, IaC, and code scanning routed through the SaaS service; CLI documentation does not advertise Windows/macOS package coverage beyond container images (source: /tmp/snyk-cli/README.md).

Signals to gather

  1. Customer interviews: ask regulated customers deploying Windows Server or Windows container workloads which artifacts require SBOM + VEX and whether current StellaOps scope (Linux images) blocks adoption.
  2. Sales & SE feedback loop: capture any RFP items referencing Windows/macOS scanning and log them in the Scanner guild tracker (SCANNER-ANALYZERS-OS-*).
  3. Support telemetry: review ticket tags for “windows”, “macos”, “dotnet framework” to quantify inbound demand.
  4. Community landscape: monitor Trivy/Grype/Snyk release notes for Windows/macOS announcements; update this note and the feature matrix when competitors change posture.
  5. Interview discipline: use the structured questionnaire in windows-macos-interview-template.md to ensure consistent scoring and capture follow-up actions.

Signals log — macOS

| Date (YYYY-MM-DD) | Source / Account | Use case | Demand strength (1-5) | Notes / follow-up |
|---|---|---|---|---|
| 2025-11-03 | Northwind Health Services (NA) | macOS CI runners require notarization evidence for release sign-off | 4 | Demo deterministic bundle inspection w/ Product on 2025-11-10; capture entitlements policy requirements. |

Signals log — Windows

| Date (YYYY-MM-DD) | Source / Account | Use case | Demand strength (1-5) | Notes / follow-up |
|---|---|---|---|---|
| 2025-11-03 | FinSecure Corp (NA) | Windows Server 2019 images need MSI/WinSxS SBOM + signed driver attestations for PCI audit | 5 | Blocking go-live; Security guild to confirm Authenticode posture (POLICY-READINESS-0002) by 2025-11-07. |

Next actions

  • Coordinate with Product Marketing to add Windows/macOS discovery prompts into upcoming customer advisory sessions (target: Sprint 132 intake).
  • Instrument the scanner roadmap intake form with explicit checkboxes for Windows/macOS package ecosystems.
  • If three or more qualified customers flag Windows/macOS coverage as a blocking requirement, open a design spike under the Scanner Analyzer Guild with scope/time estimates and Offline Kit considerations.
  • Keep the macOS deep dive (docs/benchmarks/scanner/deep-dives/macos.md) in sync with demand findings so engineering can move from design sketch to formal backlog when thresholds are met.
  • Update the Windows deep dive (docs/benchmarks/scanner/deep-dives/windows.md) and associated design briefs (docs/modules/scanner/design/windows-analyzer.md) as new signals arrive.
  • Refresh API dashboards (docs/api/scanner/windows-macos-summary.md, docs/api/scanner/windows-coverage.md) after each update to keep Product and Field teams aligned.
  • Drive POLICY-READINESS-0002 Authenticode/feed decision by 2025-11-07 (FinSecure PCI blocker); log outcome in dashboards and design briefs.
  • Prepare POLICY-READINESS-0001 workshop aligned with Northwind demo on 2025-11-10, updating policy briefs with masking/telemetry decisions.