stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
docs/features/checked/scanner/proc-snapshot-collectors.md Normal file
View File

@@ -0,0 +1,39 @@
# Proc Snapshot Collectors (Java/DotNet/PHP Runtime Inventory)
## Module
Scanner
## Status
VERIFIED
## Description
Runtime process snapshot collection for Java classpath, .NET assemblies, and PHP autoload paths, providing runtime-observed library inventories that feed into SBOM reconciliation.
## Implementation Details
- **Process Snapshot**:
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Runtime/ProcFileSystemSnapshot.cs` - `ProcFileSystemSnapshot` collects runtime process state from /proc filesystem entries (Java classpath, .NET assemblies, PHP autoload paths)
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Runtime/ProcProcess.cs` - `ProcProcess` model representing a discovered runtime process with its loaded libraries
- **Process Graph**:
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Runtime/ProcGraph.cs` - `ProcGraph` represents the runtime process dependency graph
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Runtime/ProcGraphBuilder.cs` - `ProcGraphBuilder` constructs the process graph from snapshot data
- **Reconciliation**:
- `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Runtime/EntryTraceRuntimeReconciler.cs` - `EntryTraceRuntimeReconciler` reconciles runtime-observed libraries with static SBOM analysis
## E2E Test Plan
- [ ] Collect a process snapshot from a running Java container and verify classpath entries are captured
- [ ] Collect a process snapshot from a running .NET container and verify loaded assembly paths are captured
- [ ] Collect a process snapshot from a running PHP container and verify autoload paths are captured
- [ ] Verify the runtime reconciler correctly matches runtime-observed libraries to static SBOM components
- [ ] Verify runtime-observed libraries not in the static SBOM are flagged as "runtime-only" discoveries
- [ ] Verify the process graph correctly models parent-child process relationships
---
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |