semi-implemented and features implemented save checkpoint

This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions


@@ -0,0 +1,26 @@
# Tetragon/eBPF Runtime Instrumentation Bridge (Runtime Witnesses, Build Correlation)
## Module
RuntimeInstrumentation
## Status
IMPLEMENTED
## Description
Tetragon-based eBPF runtime instrumentation with event adaptation, witness bridging, frame canonicalization, privacy filtering, hot-symbol tracking, stack sampling, and runtime correlation to build artifacts for runtime reachability analysis.
## Implementation Details
- **Runtime Traces Endpoints**: `src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/RuntimeTracesEndpoints.cs` -- REST endpoints for ingesting runtime trace data from Tetragon/eBPF instrumentation.
- **Runtime Timeline Endpoints**: `src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/RuntimeTimelineEndpoints.cs` -- endpoints for querying runtime event timelines correlated with build artifacts.
- **Runtime Traces Contracts**: `src/Findings/StellaOps.Findings.Ledger.WebService/Contracts/RuntimeTracesContracts.cs` -- DTOs for runtime trace events including stack frames, symbol data, and correlation metadata.
- **Runtime Signal Ingester**: `src/Unknowns/__Libraries/StellaOps.Unknowns.Core/Services/RuntimeSignalIngester.cs` -- ingests runtime signals from eBPF probes and correlates them with known vulnerability findings.
- **Null Runtime Traces Service**: `src/Findings/StellaOps.Findings.Ledger.WebService/Services/NullRuntimeTracesService.cs` -- no-op implementation for environments without runtime instrumentation.
- **Signal Snapshot Builder**: `src/Findings/StellaOps.Findings.Ledger/Observations/SignalSnapshotBuilder.cs` -- builds snapshots of runtime signals for replay and audit.
## E2E Test Plan
- [ ] Submit a runtime trace event from Tetragon (stack frames with symbol data) via the runtime traces endpoint and verify it is persisted and queryable
- [ ] Correlate a runtime trace with a build artifact: submit trace data referencing a package and verify the timeline endpoint shows the runtime observation linked to the build artifact's SBOM entry
- [ ] Verify privacy filtering: submit a trace with user-space memory addresses and confirm they are canonicalized or stripped before storage
- [ ] Verify hot-symbol tracking: submit multiple traces for the same symbol and verify the timeline aggregates them with frequency counts
- [ ] Verify the null runtime traces service handles requests without errors when runtime instrumentation is disabled
- [ ] Query the runtime timeline for a time range and verify events are returned in chronological order with correct correlation metadata
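Review bot: the `## Status` line in this hunk reads `IMPLEMENTED`, but every item in `## E2E Test Plan` is still an unchecked `- [ ]` box and the commit message itself calls the work "semi-implemented"; either mark the status as partial or record which plan items have actually been exercised, otherwise the file overstates what this checkpoint delivers. In the same hunk, the `## Description` names frame canonicalization, privacy filtering, hot-symbol tracking and stack sampling, yet none of the six `## Implementation Details` entries points at a file implementing any of them, so the privacy-filtering and hot-symbol test items have no named code to verify against; add an entry per feature (or note explicitly which of the listed files covers it). Finally, the privacy item "confirm they are canonicalized or stripped" leaves the expected outcome open: state which of the two the endpoint is required to do with user-space addresses, since a test that accepts either cannot catch a regression from one behaviour to the other.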