stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity
Files
95ff83e0f032c69fb045a8a4aabe108ce2284e3b
git.stella-ops.org/docs/db/reports/vuln-parity-sbom-sample-20251209.md
StellaOps Bot 95ff83e0f0 docs: seed vuln parity sbom list with available fixtures
2025-12-06 10:10:45 +00:00

23 lines
1.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# SBOM & Advisory Sample List · Vulnerability Parity · 2025-12-09
Use this list for PG-T5b.35b.4 parity runs (Mongo vs Postgres). Keep counts deterministic and freeze inputs once finalized.
## Advisory sample (10k advisories)
- Source selection: e.g., NVD 2025-08 snapshot, OSV 2025-09, vendor feeds.
- Selection method: deterministic (sorted by source + advisory key); document exact query.
- Export path: <populate>
- SHA256 of export: <populate>
## SBOM sample set
| # | SBOM path | Ecosystem | Size | Hash (SHA256) | Notes |
|---|-----------|-----------|------|---------------|-------|
| 1 | docs/scripts/sbom-vex/sbom.json | npm | ~95 KB | <fill> | Deterministic compose sample used in sbom-vex proof. |
| 2 | docs/examples/policies/sample-sbom.json | npm | small | <fill> | Tiny npm sample for quick parity sanity. |
| 3 | tests/Graph/StellaOps.Graph.Indexer.Tests/Fixtures/v1/sbom-snapshot.json | mixed | <fill> | Graph indexer SBOM snapshot used in tests. |
| 4 | <add: go> | go | <fill> | TODO: create/store Go SBOM under docs/db/reports/assets/vuln-parity-20251211/. |
| 5 | <add: pypi/maven/os> | pypi or maven or rpm/deb | <fill> | TODO: add one non-npm ecosystem SBOM for coverage. |
## Determinism guardrails
- Do not change sample set after hashes recorded.
- Store exports under `docs/db/reports/assets/vuln-parity-20251211/` with hash manifest.
Reference in New Issue View Git Blame Copy Permalink