SBOM & Advisory Sample List · Vulnerability Parity · 2025-12-09
Use this list for PG-T5b.3–5b.4 parity runs (Mongo vs Postgres). Keep counts deterministic and freeze inputs once finalized.
Advisory sample (10k advisories)
- Source selection: e.g., NVD 2025-08 snapshot, OSV 2025-09, vendor feeds.
- Selection method: deterministic (sorted by source + advisory key); document exact query.
- Export path:
- SHA256 of export:
SBOM sample set
| # | SBOM path | Ecosystem | Size | Hash (SHA256) | Notes |
|---|---|---|---|---|---|
| 1 | docs/db/reports/assets/vuln-parity-20251211/sbom.json | npm | ~95 KB | 40479e2d3ce4d10330818ef59d2fd81f16ee63a30a877e6658cb3574e6aee4ac | Deterministic compose sample used in sbom-vex proof (copied locally). |
| 2 | docs/db/reports/assets/vuln-parity-20251211/sample-sbom.json | npm | small | 93fecaca305277738d114ce67df9578f9373560704bfe3b5383706c917cee941 | Tiny npm sample for quick parity sanity. |
| 3 | docs/db/reports/assets/vuln-parity-20251211/sbom-snapshot.json | mixed | | 55f737b45aae67fcab1092c8df3f380566f0810a87c09a56b67fb096626f817e | Graph indexer SBOM snapshot used in tests. |
| 4 | docs/db/reports/assets/vuln-parity-20251211/sbom-go-sample.json | go | | | Placeholder to add Go SBOM. |
| 5 | docs/db/reports/assets/vuln-parity-20251211/sbom-pypi-sample.json | pypi | | | Placeholder to add PyPI SBOM. |
| 6 | docs/db/reports/assets/vuln-parity-20251211/sbom-maven-sample.json | maven | | | Placeholder to add Maven/Java SBOM. |
| 7 | docs/db/reports/assets/vuln-parity-20251211/sbom-os-sample.json | rpm/deb | | | Optional OS package SBOM for coverage. |
Determinism guardrails
- Do not change the sample set after hashes are recorded.
- Store exports under docs/db/reports/assets/vuln-parity-20251211/ with a hash manifest.
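
One way to enforce these guardrails, as an added example that is not part of the original page or the project's tooling: it writes the advisory export in the sorted (source, advisory key) order described above and checks a sample directory against a frozen hash manifest. The record field names `source` and `key` and the manifest file name `SHA256SUMS` are assumptions.

```python
import hashlib
import json
from pathlib import Path

MANIFEST = "SHA256SUMS"  # assumed manifest file name, not taken from the page


def export_advisories(records):
    """Serialize advisories in a fixed order so the export hash is reproducible."""
    # Assumed record fields: "source" and "key" (the advisory key).
    ordered = sorted(records, key=lambda r: (r["source"], r["key"]))
    lines = [json.dumps(r, sort_keys=True, separators=(",", ":")) for r in ordered]
    return ("\n".join(lines) + "\n").encode("utf-8")


def sha256_file(path):
    """Hash a file in chunks so large exports do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(sample_dir):
    """Return sha256sum-style lines for every file except the manifest itself."""
    root = Path(sample_dir)
    files = sorted(p for p in root.iterdir() if p.is_file() and p.name != MANIFEST)
    return "".join(f"{sha256_file(p)}  {p.name}\n" for p in files)


def verify_manifest(sample_dir, manifest_text):
    """Compare the frozen manifest with the directory; return drift findings."""
    root = Path(sample_dir)
    recorded = {}
    for line in manifest_text.splitlines():
        digest, name = line.split("  ", 1)
        recorded[name] = digest
    present = {p.name for p in root.iterdir() if p.is_file() and p.name != MANIFEST}
    findings = [f"missing: {n}" for n in sorted(recorded.keys() - present)]
    findings += [f"unrecorded: {n}" for n in sorted(present - recorded.keys())]
    findings += [f"modified: {n}" for n in sorted(recorded.keys() & present)
                 if sha256_file(root / n) != recorded[n]]
    return findings
```

An empty list from `verify_manifest` means the sample set still matches what was frozen; any finding should block the parity run until the inputs are restored or the manifest is deliberately re-issued.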