24 lines
1.3 KiB
Markdown
# Multi-scanner Comparative Benchmarking

## Status

NOT_FOUND

## Description

The advisory describes a benchmarking protocol that scores StellaOps scan results against Trivy, Grype and Snyk on the same inputs, using precision/recall metrics computed against a shared ground truth. No CLI comparison tool or multi-scanner benchmark harness was found in the repository.

## Why Not Implemented

- No dedicated CLI comparison tool or multi-scanner benchmark harness was found.

- A `compare.py` script exists at `src/__Tests/__Benchmarks/tools/compare.py`, but it appears to be a general-purpose comparison utility rather than an implementation of a multi-scanner benchmarking protocol.

- The Bench module (`src/Bench/`) has benchmarking infrastructure (LinkNotMerge scenarios, Prometheus reporting) but no scanner-comparison harness.

- A golden corpus exists at `src/__Tests/__Benchmarks/golden-corpus/` with VEX scenarios and severity levels; it could serve as the ground truth against which each scanner's findings are scored.

- The Scanner module has its own benchmark and test infrastructure but does not compare its output against external scanners (Trivy/Grype/Snyk).

- Implementing the protocol would require integrating and running external scanners, and keeping their vulnerability databases available, which conflicts with the offline-first posture.

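To make concrete what such a harness would compute, the following is an added example of the scoring step only; it is not StellaOps code and not the repository's `compare.py`. It assumes each scanner's output has already been reduced to (package identifier, vulnerability identifier) pairs, and that each golden-corpus entry carries a VEX status of `affected` or `not_affected` (an assumed shape; the sample corpus, scanner outputs and identifiers are constructed). The VEX-aware mode treats a `not_affected` entry as a finding the scanner must suppress, so a scanner that ignores VEX is penalised in precision rather than rewarded in recall.

```python
"""Score several scanners' findings against one ground-truth corpus.

Added example for this page; it is not StellaOps code and not the repository's
compare.py. Corpus entries, scanner outputs and identifiers below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Tuple

Finding = Tuple[str, str]  # (package identifier, vulnerability identifier)


def normalize(package: str, vuln_id: str) -> Finding:
    """Canonicalize one finding so scanners that differ only in case or
    surrounding whitespace are matched against the same corpus entry."""
    return (package.strip().lower(), vuln_id.strip().upper())


def expected_findings(corpus: Iterable[dict], vex_aware: bool) -> Tuple[FrozenSet[Finding], FrozenSet[Finding]]:
    """Split the corpus into findings a scanner must report and findings it must suppress.

    Each entry is {"package": str, "vuln": str, "vex": "affected" | "not_affected"}
    (assumed shape). In VEX-aware mode a not_affected entry must be absent from the
    scanner's output; in raw mode VEX is ignored and every entry must be reported.
    """
    must_report, must_suppress = set(), set()
    for entry in corpus:
        key = normalize(entry["package"], entry["vuln"])
        if vex_aware and entry.get("vex") == "not_affected":
            must_suppress.add(key)
        else:
            must_report.add(key)
    return frozenset(must_report), frozenset(must_suppress)


@dataclass(frozen=True)
class Score:
    scanner: str
    tp: int      # expected findings the scanner reported
    fp: int      # reported findings not in the expected set (includes vex_fp)
    fn: int      # expected findings the scanner missed
    vex_fp: int  # false positives that the corpus's VEX marks not_affected

    @property
    def precision(self) -> float:
        return self.tp / (self.tp + self.fp) if (self.tp + self.fp) else 0.0

    @property
    def recall(self) -> float:
        return self.tp / (self.tp + self.fn) if (self.tp + self.fn) else 0.0

    @property
    def f1(self) -> float:
        p, r = self.precision, self.recall
        return 2 * p * r / (p + r) if (p + r) else 0.0


def score_scanner(name: str, reported: Iterable[Finding],
                  must_report: FrozenSet[Finding], must_suppress: FrozenSet[Finding]) -> Score:
    got = {normalize(p, v) for p, v in reported}
    return Score(
        scanner=name,
        tp=len(got & must_report),
        fp=len(got - must_report),
        fn=len(must_report - got),
        vex_fp=len(got & must_suppress),
    )


def benchmark(corpus: Iterable[dict], results: Dict[str, List[Finding]],
              vex_aware: bool = True) -> Dict[str, Score]:
    """Score every scanner against the same corpus; returns scanner name -> Score."""
    must_report, must_suppress = expected_findings(list(corpus), vex_aware)
    return {name: score_scanner(name, findings, must_report, must_suppress)
            for name, findings in results.items()}


# Constructed ground truth: placeholder purls and CVE ids, not real advisories.
SAMPLE_CORPUS = [
    {"package": "pkg:generic/libfoo@1.0", "vuln": "CVE-2099-0001", "vex": "affected"},
    {"package": "pkg:generic/libbar@2.3", "vuln": "CVE-2099-0002", "vex": "affected"},
    {"package": "pkg:generic/libbaz@0.9", "vuln": "CVE-2099-0003", "vex": "not_affected"},
]

# Constructed scanner outputs: "scanner-a" ignores VEX, "scanner-b" misses one
# finding and reports one the corpus does not contain.
SAMPLE_RESULTS = {
    "stellaops": [("pkg:generic/libfoo@1.0", "CVE-2099-0001"),
                  ("pkg:generic/libbar@2.3", "CVE-2099-0002")],
    "scanner-a": [("pkg:generic/libfoo@1.0", "cve-2099-0001"),
                  ("pkg:generic/libbar@2.3", "CVE-2099-0002"),
                  ("pkg:generic/libbaz@0.9", "CVE-2099-0003")],
    "scanner-b": [("pkg:generic/libfoo@1.0", "CVE-2099-0001"),
                  ("pkg:generic/libqux@4.1", "CVE-2099-0004")],
}

if __name__ == "__main__":
    for vex_aware in (True, False):
        print(f"vex_aware={vex_aware}")
        for s in benchmark(SAMPLE_CORPUS, SAMPLE_RESULTS, vex_aware).values():
            print(f"  {s.scanner:10} P={s.precision:.2f} R={s.recall:.2f} F1={s.f1:.2f} "
                  f"tp={s.tp} fp={s.fp} fn={s.fn} vex_fp={s.vex_fp}")
```

Running the two modes back to back shows why the protocol has to fix its VEX policy up front: the same scanner output scores 1.0/1.0 in raw mode and 0.67/1.0 in VEX-aware mode, so the metrics are not comparable across runs unless every scanner is scored against the same expectation set. Any real harness would also need to decide how to treat GHSA/CVE aliases and severity buckets before the sets are intersected; that is left out here.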
## Source

- Feature matrix scan

## Notes

- Module: Bench

- Modules referenced: N/A

- Related: `src/__Tests/__Benchmarks/tools/compare.py` (comparison utility), `src/__Tests/__Benchmarks/golden-corpus/` (ground truth data)