stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
bc4318ef971247e18c9c05f8b7838880f6584dc3
git.stella-ops.org/docs2/topic-map.md
master bc4318ef97 Add tests for SBOM generation determinism across multiple formats 
- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
2025-12-23 18:56:12 +02:00

14 KiB
Raw Blame History

Topic map (docs to docs2)

This map shows the source areas reviewed to build docs2. It lists directories and anchor docs rather than every single file.

Product and positioning

  • Sources: docs/README.md, docs/overview.md, docs/key-features.md, docs/03_VISION.md, docs/04_FEATURE_MATRIX.md, docs/05_SYSTEM_REQUIREMENTS_SPEC.md, docs/05_ROADMAP.md
  • Docs2: product/overview.md, product/roadmap-and-requirements.md

Market positioning and claims

  • Sources: docs/market/, docs/marketing/, docs/claims-index.md
  • Docs2: product/market-positioning.md, product/claims-and-benchmarks.md

Architecture and system model

  • Sources: docs/07_HIGH_LEVEL_ARCHITECTURE.md, docs/high-level-architecture.md, docs/ARCHITECTURE_DETAILED.md, docs/40_ARCHITECTURE_OVERVIEW.md, docs/modules/platform/architecture-overview.md, docs/modules/*/architecture.md
  • Docs2: architecture/overview.md, architecture/workflows.md, modules/index.md

Advisory alignment

  • Sources: docs/architecture/advisory-alignment-report.md
  • Docs2: architecture/advisory-alignment.md

Component map

  • Sources: docs/technical/architecture/component-map.md
  • Docs2: architecture/component-map.md

Ingestion and aggregation (AOC, linksets)

  • Sources: docs/ingestion/aggregation-only-contract.md, docs/aoc/*, docs/advisories/aggregation.md, docs/vex/aggregation.md
  • Docs2: ingestion/aggregation-and-linksets.md

AOC guardrails and library

  • Sources: docs/aoc/aoc-guardrails.md, docs/aoc/guard-library.md
  • Docs2: ingestion/aoc-guardrails.md

AOC linkset backfill

  • Sources: docs/concelier/backfill/*
  • Docs2: ingestion/backfill.md

Evidence and determinism

  • Sources: docs/replay/, docs/contracts/, docs/ingestion/, docs/data/, docs/11_DATA_SCHEMAS.md, docs/ARCHITECTURE_DETAILED.md
  • Docs2: architecture/evidence-and-trust.md, data-and-schemas.md

Reachability, VEX, unknowns

  • Sources: docs/reachability/, docs/vex/, docs/signals/, docs/modules/signals/, docs/modules/vex-lens/architecture.md, docs/modules/vexlens/architecture.md
  • Docs2: architecture/reachability-vex.md, signals/unknowns.md, signals/uncertainty.md

Reachability lattice and evidence

  • Sources: docs/reachability/lattice.md, docs/reachability/evidence-schema.md, docs/reachability/edge-explainability-schema.md, docs/reachability/runtime-static-union-schema.md
  • Docs2: architecture/reachability-lattice.md, architecture/reachability-evidence.md

VEX consensus

  • Sources: docs/vex/consensus-overview.md, docs/vex/consensus-json.md
  • Docs2: vex/consensus.md

Callgraph schema

  • Sources: docs/signals/callgraph-formats.md
  • Docs2: signals/callgraph-schema.md

Signal contract mapping

  • Sources: docs/architecture/signal-contract-mapping.md
  • Docs2: signals/contract-mapping.md

Unknowns ranking

  • Sources: docs/signals/unknowns-ranking.md
  • Docs2: signals/unknowns-ranking.md

Modules and services

  • Sources: docs/modules/* (architecture, README, operations, runbooks)
  • Docs2: modules/index.md

Advisory AI

  • Sources: docs/advisory-ai/*
  • Docs2: advisory-ai/overview.md

Orchestrator detail

  • Sources: docs/orchestrator/*
  • Docs2: orchestrator/overview.md, orchestrator/architecture.md, orchestrator/api.md, orchestrator/cli.md, orchestrator/console.md, orchestrator/runbook.md

Orchestrator run ledger

  • Sources: docs/orchestrator/run-ledger.md
  • Docs2: orchestrator/run-ledger.md

Operations and deployment

  • Sources: docs/21_INSTALL_GUIDE.md, docs/deploy/, docs/install/, docs/operations/, docs/runbooks/, docs/quickstart.md
  • Docs2: operations/quickstart.md, operations/install-deploy.md

Deployment versioning

  • Sources: docs/deployment/VERSION_MATRIX.md
  • Docs2: operations/deployment-versioning.md

Binary prerequisites

  • Sources: docs/ops/binary-prereqs.md
  • Docs2: operations/binary-prereqs.md

Runtime readiness

  • Sources: docs/runtime/SCANNER_RUNTIME_READINESS.md
  • Docs2: operations/runtime-readiness.md

Service SLOs

  • Sources: docs/slo/*
  • Docs2: operations/slo.md

Air-gap and offline kit

  • Sources: docs/24_OFFLINE_KIT.md, docs/10_OFFLINE_KIT.md, docs/airgap/*
  • Docs2: operations/airgap.md

Air-gap bundles and runbooks

  • Sources: docs/airgap/overview.md, docs/airgap/offline-bundle-format.md, docs/airgap/runbooks/*
  • Docs2: operations/airgap-bundles.md, operations/airgap-runbooks.md

Replay and determinism

  • Sources: docs/replay/*, docs/runbooks/replay_ops.md, docs/release/promotion-attestations.md
  • Docs2: operations/replay-and-determinism.md

Runbooks and incident response

  • Sources: docs/runbooks/, docs/operations/
  • Docs2: operations/runbooks.md, operations/key-rotation.md, operations/proof-verification.md, operations/score-proofs.md, operations/reachability.md, operations/trust-lattice.md, operations/unknowns-queue.md

Notifications

  • Sources: docs/notifications/, docs/modules/notify/
  • Docs2: operations/notifications.md

Notifications details

  • Sources: docs/notifications/overview.md, docs/notifications/rules.md, docs/notifications/channels.md, docs/notifications/templates.md, docs/notifications/digests.md, docs/notifications/pack-approvals-integration.md
  • Docs2: notifications/overview.md, notifications/rules.md, notifications/channels.md, notifications/templates.md, notifications/digests.md, notifications/pack-approvals.md, notifications/runbook.md

Router rate limiting

  • Sources: docs/router/*
  • Docs2: operations/router-rate-limiting.md

Release engineering and CI/DevOps

  • Sources: docs/13_RELEASE_ENGINEERING_PLAYBOOK.md, docs/ci/, docs/devops/, docs/release/, docs/releases/
  • Docs2: release/release-engineering.md, release/promotion-attestations.md, release/release-notes.md

API and contracts

  • Sources: docs/09_API_CLI_REFERENCE.md, docs/api/, docs/schemas/, docs/contracts/*
  • Docs2: api/overview.md, api/auth-and-tokens.md, data-and-schemas.md

Policy system

  • Sources: docs/policy/*, docs/60_POLICY_TEMPLATES.md
  • Docs2: policy/policy-system.md

Contracts and interfaces

  • Sources: docs/contracts/, docs/adr/, docs/specs/*
  • Docs2: contracts-and-interfaces.md

Scanner core contracts

  • Sources: docs/scanner-core-contracts.md
  • Docs2: contracts/scanner-core.md

Symbols specification

  • Sources: docs/specs/SYMBOL_MANIFEST_v1.md, docs/specs/symbols/*
  • Docs2: specs/symbols.md

SBOM handling

  • Sources: docs/sbom/*
  • Docs2: sbom/overview.md

Security, governance, compliance

  • Sources: docs/13_SECURITY_POLICY.md, docs/17_SECURITY_HARDENING_GUIDE.md, docs/11_GOVERNANCE.md, docs/12_CODE_OF_CONDUCT.md, docs/28_LEGAL_COMPLIANCE.md
  • Docs2: security-and-governance.md

Regulator threat and evidence model

  • Sources: docs/28_LEGAL_COMPLIANCE.md
  • Docs2: legal/regulator-threat-evidence.md

Identity, tenancy, and scopes

  • Sources: docs/security/authority-scopes.md, docs/security/scopes-and-roles.md, docs/architecture/console-admin-rbac.md
  • Docs2: security/identity-tenancy-and-scopes.md, security/multi-tenancy.md, security/row-level-security.md

Console admin RBAC

  • Sources: docs/architecture/console-admin-rbac.md
  • Docs2: security/admin-rbac.md

Crypto profiles and trust

  • Sources: docs/security/crypto-profile-configuration.md, docs/security/trust-and-signing.md, docs/security/crypto-simulation-services.md
  • Docs2: security/crypto-and-trust.md

Crypto compliance and licensing

  • Sources: docs/security/crypto-compliance.md, docs/legal/crypto-compliance-review.md
  • Docs2: security/crypto-compliance.md

Security hardening

  • Sources: docs/security/dpop-mtls-rollout.md, docs/security/password-hashing.md, docs/security/secrets-handling.md, docs/security/rate-limits.md, docs/security/notifications-hardening.md, docs/security/export-hardening.md
  • Docs2: security/operational-hardening.md

Audit events

  • Sources: docs/security/audit-events.md
  • Docs2: security/audit-events.md

Revocation bundles

  • Sources: docs/security/revocation-bundle.md, docs/security/revocation-bundle-example.json
  • Docs2: security/revocation-bundles.md

Quota and licensing

  • Sources: docs/license-jwt-quota.md, docs/30_QUOTA_ENFORCEMENT_FLOW1.md, docs/33_333_QUOTA_OVERVIEW.md
  • Docs2: security/quota-and-licensing.md

Risk model and scoring

  • Sources: docs/risk/*, docs/contracts/risk-scoring.md
  • Docs2: security/risk-model.md, risk/overview.md, risk/factors.md, risk/formulas.md, risk/profiles.md, risk/explainability.md, risk/api.md

Forensics and evidence locker

  • Sources: docs/forensics/, docs/evidence-locker/, docs/ops/evidence-locker-handoff.md
  • Docs2: security/forensics-and-evidence-locker.md, security/evidence-locker-publishing.md

Timeline forensics

  • Sources: docs/forensics/timeline.md
  • Docs2: security/timeline.md

Provenance and transparency

  • Sources: docs/provenance/, docs/security/trust-and-signing.md, docs/modules/attestor/, docs/modules/signer/*
  • Docs2: provenance/inline-provenance.md, provenance/attestation-workflow.md, provenance/rekor-policy.md, provenance/backfill.md

Database and persistence

  • Sources: docs/db/*, docs/adr/0001-postgresql-for-control-plane.md
  • Docs2: data/persistence.md, data/postgresql-operations.md, data/postgresql-patterns.md

Events and messaging

  • Sources: docs/events/, docs/samples/
  • Docs2: data/events.md

CLI and UI

  • Sources: docs/15_UI_GUIDE.md, docs/cli/, docs/ui/, docs/console/, docs/ux/
  • Docs2: cli-ui.md

CLI reference

  • Sources: docs/cli/*
  • Docs2: cli/overview.md

CLI command guides

  • Sources: docs/cli/command-reference.md, docs/cli/crypto-commands.md, docs/cli/crypto-plugins.md, docs/cli/distribution-matrix.md, docs/cli/reachability-cli-reference.md, docs/cli/drift-cli.md, docs/cli/smart-diff-cli.md, docs/cli/triage-cli.md, docs/cli/unknowns-cli-reference.md, docs/cli/score-proofs-cli-reference.md, docs/cli/sbomer.md, docs/cli/audit-pack-commands.md, docs/cli/keyboard-shortcuts.md, docs/cli/troubleshooting.md
  • Docs2: cli/commands.md, cli/crypto.md, cli/crypto-plugins.md, cli/distribution-matrix.md, cli/reachability.md, cli/triage.md, cli/unknowns.md, cli/score-proofs.md, cli/sbomer.md, cli/audit-pack.md, cli/keyboard-shortcuts.md, cli/troubleshooting.md

Console shell and navigation

  • Sources: docs/ui/console-overview.md, docs/ui/navigation.md
  • Docs2: ui/console.md, ui/navigation.md

Console workspaces

  • Sources: docs/ui/console.md, docs/ui/findings.md, docs/ui/advisories-and-vex.md, docs/ui/downloads.md, docs/ui/runs.md, docs/ui/policies.md
  • Docs2: ui/aoc-dashboard.md, ui/findings.md, ui/advisories-vex.md, ui/downloads.md, ui/runs.md, ui/policies.md

Console admin and governance

  • Sources: docs/ui/admin.md, docs/console/admin-tenants.md, docs/ui/exception-center.md
  • Docs2: ui/admin.md, ui/exception-center.md

Console SBOM and vulnerability exploration

  • Sources: docs/ui/sbom-explorer.md, docs/ui/sbom-graph-explorer.md, docs/ui/vulnerability-explorer.md, docs/ui/reachability-overlays.md
  • Docs2: ui/sbom-explorer.md, ui/sbom-graph-explorer.md, ui/vulnerability-explorer.md, ui/reachability-overlays.md

Console explainers

  • Sources: docs/ui/explainers.md
  • Docs2: ui/explainers.md

Console air-gap and attestations

  • Sources: docs/console/airgap.md, docs/console/attestor-ui.md
  • Docs2: ui/airgap.md, ui/attestor.md

Console forensics, observability, and risk

  • Sources: docs/console/forensics.md, docs/console/observability.md, docs/console/risk-ui.md
  • Docs2: ui/forensics.md, ui/observability.md, ui/risk-ui.md

Console branding and accessibility

  • Sources: docs/ui/branding.md, docs/architecture/console-branding.md, docs/accessibility.md
  • Docs2: ui/branding.md, ui/accessibility.md

Policy editor UI

  • Sources: docs/ui/policy-editor.md, docs/security/policy-governance.md
  • Docs2: ui/policy-editor.md

Triage UX

  • Sources: docs/ux/TRIAGE_UX_GUIDE.md, docs/ux/TRIAGE_UI_REDUCER_SPEC.md
  • Docs2: ui/triage.md

Console security

  • Sources: docs/security/console-security.md
  • Docs2: security/console-security.md

Approvals and exceptions

  • Sources: docs/governance/approvals-and-routing.md, docs/governance/exceptions.md
  • Docs2: governance/approvals.md, governance/exceptions.md

Developer and contribution

  • Sources: docs/DEVELOPER_ONBOARDING.md, docs/onboarding/, docs/10_PLUGIN_SDK_GUIDE.md, docs/18_CODING_STANDARDS.md, docs/contributing/, docs/devportal/publishing.md, docs/process/implementor-guidelines.md
  • Docs2: developer/onboarding.md, developer/plugin-sdk.md, developer/devportal.md, developer/implementation-guidelines.md

SDKs and clients

  • Sources: docs/sdks/*
  • Docs2: sdk/overview.md

Task packs and automation

  • Sources: docs/task-packs/*
  • Docs2: task-packs.md

Interoperability

  • Sources: docs/interop/*
  • Docs2: interop/sbom-interop.md, interop/cosign.md

Migration guidance

  • Sources: docs/migration/*
  • Docs2: migration/overview.md

Vuln Explorer overview

  • Sources: docs/vuln/*
  • Docs2: vuln-explorer/overview.md

Testing and quality

  • Sources: docs/19_TEST_SUITE_OVERVIEW.md, docs/testing/*
  • Docs2: testing-and-quality.md, testing/router-chaos.md

Observability and telemetry

  • Sources: docs/metrics/, docs/observability/, docs/modules/telemetry/, docs/technical/observability/
  • Docs2: observability.md, observability-standards.md, observability-logging.md, observability-tracing.md, observability-metrics-slos.md, observability-telemetry-controls.md, observability-aoc.md, observability-aggregation.md, observability-policy.md, observability-ui-telemetry.md, observability-vuln-telemetry.md

Benchmarks and performance

  • Sources: docs/benchmarks/*, docs/12_PERFORMANCE_WORKBOOK.md
  • Docs2: benchmarks.md

Guides and workflows

  • Sources: docs/guides/*, docs/ci/sarif-integration.md, docs/architecture/epss-versioning-clarification.md
  • Docs2: guides/compare-workflow.md, guides/epss-integration.md

Examples and fixtures

  • Sources: docs/examples/, docs/samples/, docs/schemas/*
  • Docs2: references/examples-and-fixtures.md

Training and adoption

  • Sources: docs/training/, docs/evaluate/, docs/faq/*
  • Docs2: training-and-adoption.md

Glossary

  • Sources: docs/14_GLOSSARY_OF_TERMS.md
  • Docs2: glossary.md