stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
c2c6b58b416bc36020cc9d593f44c75e7401fbb7
git.stella-ops.org/docs/implplan/SPRINT_138_scanner_ruby_parity.md
master c2c6b58b41 feat: Add Promotion-Time Attestations for Stella Ops 
- Introduced a new document for promotion-time attestations, detailing the purpose, predicate schema, producer workflow, verification flow, APIs, and security considerations.
- Implemented the `stella.ops/promotion@v1` predicate schema to capture promotion evidence including image digest, SBOM/VEX artifacts, and Rekor proof.
- Defined producer responsibilities and workflows for CLI orchestration, signer responsibilities, and Export Center integration.
- Added verification steps for auditors to validate promotion attestations offline.

feat: Create Symbol Manifest v1 Specification

- Developed a specification for Symbol Manifest v1 to provide a deterministic format for publishing debug symbols and source maps.
- Defined the manifest structure, including schema, entries, source maps, toolchain, and provenance.
- Outlined upload and verification processes, resolve APIs, runtime proxy, caching, and offline bundle generation.
- Included security considerations and related tasks for implementation.

chore: Add Ruby Analyzer with Git Sources

- Created a Gemfile and Gemfile.lock for Ruby analyzer with dependencies on git-gem, httparty, and path-gem.
- Implemented main application logic to utilize the defined gems and output their versions.
- Added expected JSON output for the Ruby analyzer to validate the integration of the new gems and their functionalities.
- Developed internal observation classes for Ruby packages, runtime edges, and capabilities, including serialization logic for observations.

test: Add tests for Ruby Analyzer

- Created test fixtures for Ruby analyzer, including Gemfile, Gemfile.lock, main application, and expected JSON output.
- Ensured that the tests validate the correct integration and functionality of the Ruby analyzer with the specified gems.
2025-11-11 15:30:22 +02:00

5.4 KiB
Raw Blame History

Sprint 138 - Scanner & Surface

Phase focus: Scanner.IX — Ruby analyzer parity & supporting readiness.

  • Depends on: Sprint 137 · Scanner.VIII (gap designs locked) and Sprint 135 · Scanner.VI (EntryTrace foundations).
  • Feeds: Sprint 139 and CLI releases once Ruby analyzer + policy/CLI/licensing tracks land.
Task ID State Summary Owner / Source Depends On
SCANNER-ENG-0008 TODO Maintain EntryTrace heuristic cadence per docs/benchmarks/scanner/scanning-gaps-stella-misses-from-competitors.md, including quarterly pattern reviews + explain-trace updates. EntryTrace Guild, QA Guild (src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace)
SCANNER-ENG-0009 DOING (2025-11-02) Deliver Ruby analyzer parity and observation pipeline (lockfiles, runtime graph, policy signals) per the gap doc. Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) SCANNER-ANALYZERS-RUBY-28-001..012
SCANNER-ENG-0010 TODO Ship the PHP analyzer pipeline (composer lock, autoload graph, capability signals) to close comparison gaps. PHP Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Php) SCANNER-ANALYZERS-PHP-27-001..012
SCANNER-ENG-0011 TODO Scope the Deno runtime analyzer (lockfile resolver, import graphs) based on competitor techniques to extend beyond Sprint 130 coverage. Language Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Deno)
SCANNER-ENG-0012 TODO Evaluate Dart analyzer requirements (pubspec parsing, AOT artifacts) and split implementation tasks. Language Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Dart)
SCANNER-ENG-0013 TODO Plan Swift Package Manager coverage (Package.resolved, xcframeworks, runtime hints) with policy hooks. Swift Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Swift)
SCANNER-ENG-0014 TODO Align Kubernetes/VM target coverage between Scanner and Zastava per comparison findings; publish joint roadmap. Runtime Guild, Zastava Guild (docs/modules/scanner)
SCANNER-ENG-0015 DOING (2025-11-09) Document DSSE/Rekor operator enablement guidance and rollout levers surfaced in the gap analysis. Export Center Guild, Scanner Guild (docs/modules/scanner)
SCANNER-ENG-0016 DONE (2025-11-10) RubyLockCollector and vendor ingestion finalized: Bundler config overrides honoured, workspace lockfiles merged, vendor bundles normalised, and deterministic fixtures added. Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) SCANNER-ENG-0009
SCANNER-ENG-0017 DONE (2025-11-09) Build the runtime require/autoload graph builder with tree-sitter Ruby per design §4.4 and integrate EntryTrace hints. Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) SCANNER-ENG-0016
SCANNER-ENG-0018 DONE (2025-11-09) Emit Ruby capability + framework surface signals as defined in design §4.5 with policy predicate hooks. Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) SCANNER-ENG-0017
SCANNER-ENG-0019 DOING (2025-11-10) Ship Ruby CLI verbs (`stella ruby inspect resolve`) and Offline Kit packaging per design §4.6. Ruby Analyzer Guild, CLI Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby)
SCANNER-LIC-0001 DONE (2025-11-10) Tree-sitter licensing captured, NOTICE.md updated, and Offline Kit now mirrors third-party-licenses/ with ruby artifacts. Scanner Guild, Legal Guild (docs/modules/scanner) SCANNER-ENG-0016
SCANNER-POLICY-0001 DONE (2025-11-10) Ruby predicates shipped: Policy Engine exposes sbom.any_component + ruby.*, tests updated, DSL/offline-kit docs refreshed. Policy Guild, Ruby Analyzer Guild (docs/modules/scanner) SCANNER-ENG-0018
SCANNER-CLI-0001 DONE (2025-11-10) Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) SCANNER-ENG-0019

Updates — 2025-11-09

  • SCANNER-CLI-0001: Completed Spectre table wrapping fix for runtime/lockfile columns, expanded Ruby resolve JSON assertions, removed ad-hoc debug artifacts, and drafted CLI docs covering stellaops-cli ruby inspect|resolve. Pending: final verification + handoff once docs/tests merge.
  • SCANNER-CLI-0001: Wired stellaops-cli ruby inspect|resolve into CommandFactory so the verbs are available via System.CommandLine with the expected --root, --image/--scan-id, and --format options; dotnet test ... --filter Ruby passes.
  • SCANNER-CLI-0001: Added CLI unit tests (CommandFactoryTests, Ruby inspect JSON assertions) to guard the new verbs and runtime metadata output; dotnet test src/Cli/__Tests/StellaOps.Cli.Tests/StellaOps.Cli.Tests.csproj --filter "CommandFactoryTests|Ruby" now covers the CLI surface.
  • SCANNER-ENG-0016: 2025-11-10 — Completed Ruby lock collector and vendor ingestion work: honour .bundle/config overrides, fold workspace lockfiles, emit bundler groups, add Ruby analyzer fixtures/goldens (including new git/path offline kit mirror), and dotnet test ... --filter Ruby passes.
  • SCANNER-ENG-0009: Emitted observation payload + ruby-observation component summarising packages, runtime edges, and capability flags for Policy/Surface exports; fixtures updated for determinism and Offline Kit now ships the observation JSON.