- Implemented tests for Cryptographic Failures (A02) to ensure proper handling of sensitive data, secure algorithms, and key management.
- Added tests for Security Misconfiguration (A05) to validate production configurations, security headers, CORS settings, and feature management.
- Developed tests for Authentication Failures (A07) to enforce strong password policies, rate limiting, session management, and MFA support.
- Created tests for Software and Data Integrity Failures (A08) to verify artifact signatures, SBOM integrity, attestation chains, and feed updates.
Load Tests
This directory contains k6 load test suites for StellaOps performance testing.
Prerequisites
- k6 installed
- Target environment accessible
- (Optional) Grafana k6 Cloud for distributed testing
Test Suites
TTFS Load Test (ttfs-load-test.js)
Tests the Time to First Signal endpoint under various load conditions.
Scenarios:
- Sustained: 50 RPS for 5 minutes (normal operation)
- Spike: Ramp from 50 to 200 RPS, hold, ramp down (CI burst simulation)
- Soak: 25 RPS for 15 minutes (stability test)
Thresholds (per Advisory §12.4):
- Cache-hit P95 ≤ 250ms
- Cold-path P95 ≤ 500ms
- Error rate < 0.1%
Run locally:
k6 run tests/load/ttfs-load-test.js
Run against staging:
k6 run --env BASE_URL=https://staging.stellaops.local \
  --env AUTH_TOKEN="$STAGING_TOKEN" \
  tests/load/ttfs-load-test.js
Run with custom run IDs:
k6 run --env BASE_URL=http://localhost:5000 \
  --env RUN_IDS='["run-1","run-2","run-3"]' \
  tests/load/ttfs-load-test.js
CI Integration
Load tests can be integrated into CI pipelines. See .gitea/workflows/load-test.yml for an example.
load-test-ttfs:
  runs-on: ubuntu-latest
  needs: [deploy-staging]
  steps:
    - uses: grafana/k6-action@v0.3.1
      with:
        filename: tests/load/ttfs-load-test.js
      env:
        BASE_URL: ${{ secrets.STAGING_URL }}
        AUTH_TOKEN: ${{ secrets.STAGING_TOKEN }}
Results
Test results are written to results/ttfs-load-test-latest.json and timestamped files.
Use Grafana Cloud or local Prometheus + Grafana to visualize results:
k6 run --out json=results/metrics.json tests/load/ttfs-load-test.js
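An added example, not part of the StellaOps repository: a plain JavaScript check that reads the newline-delimited JSON written by `--out json=...` and applies the TTFS thresholds listed above, failing closed when a metric has no samples. The custom metric names `ttfs_cache_hit_ms` and `ttfs_cold_path_ms` are assumptions (this README does not name the metrics), the percentile method is nearest-rank and may differ slightly from k6's own summary, and the sample stream is constructed.

```javascript
// Added example. ttfs_cache_hit_ms / ttfs_cold_path_ms are hypothetical names; http_req_failed is k6's built-in rate.
const THRESHOLDS = {
  ttfs_cache_hit_ms: { p95Max: 250 },    // cache-hit P95 <= 250ms
  ttfs_cold_path_ms: { p95Max: 500 },    // cold-path P95 <= 500ms
  http_req_failed: { rateBelow: 0.001 }, // error rate < 0.1%
};
// Nearest-rank percentile (a choice made for this example).
function percentile(values, p) {
  const sorted = [...values].sort((a, b) => a - b);
  return sorted[Math.max(Math.ceil((p * sorted.length) / 100), 1) - 1];
}
// Group "Point" sample values by metric name; skip malformed or non-sample lines.
function collectPoints(ndjson) {
  const byMetric = {};
  for (const line of ndjson.split("\n")) {
    let rec = null;
    try { rec = JSON.parse(line); } catch (e) { continue; }
    if (!rec || rec.type !== "Point" || !rec.data || typeof rec.data.value !== "number") continue;
    (byMetric[rec.metric] = byMetric[rec.metric] || []).push(rec.data.value);
  }
  return byMetric;
}

// Returns violations; an empty array means the run passes. Missing metrics fail closed.
function evaluate(ndjson, thresholds = THRESHOLDS) {
  const points = collectPoints(ndjson);
  const violations = [];
  for (const [metric, limit] of Object.entries(thresholds)) {
    const values = points[metric] || [];
    if (values.length === 0) { violations.push(`${metric}: no samples`); continue; }
    const p95 = percentile(values, 95);
    const rate = values.reduce((a, b) => a + b, 0) / values.length;
    if (limit.p95Max !== undefined && p95 > limit.p95Max)
      violations.push(`${metric}: p95 ${p95}ms > ${limit.p95Max}ms`);
    if (limit.rateBelow !== undefined && !(rate < limit.rateBelow))
      violations.push(`${metric}: rate ${rate} >= ${limit.rateBelow}`);
  }
  return violations;
}

// Constructed sample stream, not real StellaOps output.
const point = (metric, value) =>
  JSON.stringify({ type: "Point", metric, data: { time: "2025-01-01T00:00:00Z", value } });
const SAMPLE = [
  ...Array(19).fill(100).concat(300).map((v) => point("ttfs_cache_hit_ms", v)),
  ...Array(18).fill(400).concat(650, 650).map((v) => point("ttfs_cold_path_ms", v)),
  ...Array(999).fill(0).concat(1).map((v) => point("http_req_failed", v)),
  '{"type":"Point","metric":"ttfs_cold', // truncated final line, ignored
].join("\n");
```

With the constructed sample, `evaluate(SAMPLE)` reports the cold-path P95 and an error rate of exactly 0.1%, which does not satisfy the strict `< 0.1%` limit.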
Writing New Load Tests
- Create a new .js file in this directory
- Define scenarios, thresholds, and the default function
- Use custom metrics for domain-specific measurements
- Add handleSummary for result export
- Update this README
Environment Variables
| Variable | Description | Default |
|---|---|---|
| BASE_URL | Target API base URL | http://localhost:5000 |
| RUN_IDS | JSON array of run IDs to test | ["run-load-1",...,"run-load-5"] |
| TENANT_ID | Tenant ID header value | load-test-tenant |
| AUTH_TOKEN | Bearer token for authentication | (none) |