Finish scans before your coffee cools
Stella Ops completes a warm SBOM‑first scan in ≈ 5 s on a 4‑vCPU runner and keeps cold‑path "first run" images below 30 s. Less waiting, more shipping.
How we squeeze the seconds out
SBOM‑first fast‑path
If your build already emits an SPDX or CycloneDX SBOM, Stella Ops skips layer unpacking and jumps straight to CVE correlation.
Δ‑SBOM diff engine
Only what changed gets re‑analysed. A 10‑layer image with one updated library scans in ≈ 1 s.
Hot cache
Redis LRU keeps the last 2 048 SBOMs in RAM — 0.3 ms look‑up for repeat builds.
Parallel walkers
.NET async pipelines overlap layer de‑compression with vuln‑look‑ups.
Real‑world benchmarks (4 vCPU / 8 GiB VM)
| Image (public) | Scenario | Stella Ops v0.1‑α | Trivy 0.51 |
|---|---|---|---|
| nginx:1.26‑alpine | warm SBOM | 4.7 s | 12.4 s |
| python:3.12‑slim | cold (Δ‑SBOM off) | 18.9 s | 31.8 s |
| bank‑api:prod@sha256:… | Δ‑SBOM (1‑layer delta) | 1.2 s | 15.0 s |
Figures averaged over 20 runs; full methodology lives in the benchmarks repo.
5 s
Warm‑path average scan time
Do I need to ship an SBOM?
No — Stella Ops can generate one, but providing CycloneDX or SPDX during the build shaves 60 – 80 % off runtime.
How does Δ‑SBOM stay accurate?
Each layer digest is hashed; if any layer differs, Stella Ops falls back to a full scan to prevent false‑negatives, then caches the fresh SBOM.