stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

up
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
Details
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Details
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Details
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Details
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Details
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Details
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-13 18:08:55 +02:00
parent 6e45066e37
commit f1a39c4ce3
234 changed files with 24038 additions and 6910 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/ServiceCollectionExtensions.cs
View File

@@ -3,6 +3,9 @@ using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Options;
using StellaOps.Scanner.EntryTrace.Diagnostics;
using StellaOps.Scanner.EntryTrace.Runtime;
using StellaOps.Scanner.EntryTrace.Semantic;
using StellaOps.Scanner.EntryTrace.Semantic.Adapters;
using StellaOps.Scanner.EntryTrace.Semantic.Analysis;
namespace StellaOps.Scanner.EntryTrace;
@@ -29,4 +32,83 @@ public static class ServiceCollectionExtensions
services.TryAddSingleton<IEntryTraceResultStore, NullEntryTraceResultStore>();
return services;
}
/// <summary>
/// Adds entry trace analyzer with integrated semantic analysis.
/// </summary>
/// <remarks>
/// Part of Sprint 0411 - Semantic Entrypoint Engine (Task 17).
/// </remarks>
public static IServiceCollection AddSemanticEntryTraceAnalyzer(
this IServiceCollection services,
Action<EntryTraceAnalyzerOptions>? configure = null,
Action<SemanticAnalysisOptions>? configureSemantic = null)
{
if (services is null)
{
throw new ArgumentNullException(nameof(services));
}
// Add base entry trace analyzer
services.AddEntryTraceAnalyzer(configure);
// Add semantic analysis options
services.AddOptions<SemanticAnalysisOptions>()
.BindConfiguration(SemanticAnalysisOptions.SectionName);
if (configureSemantic is not null)
{
services.Configure(configureSemantic);
}
// Register semantic analysis components
services.TryAddSingleton<CapabilityDetector>();
services.TryAddSingleton<ThreatVectorInferrer>();
services.TryAddSingleton<DataBoundaryMapper>();
// Register language adapters
services.TryAddEnumerable(ServiceDescriptor.Singleton<ISemanticEntrypointAnalyzer, PythonSemanticAdapter>());
services.TryAddEnumerable(ServiceDescriptor.Singleton<ISemanticEntrypointAnalyzer, JavaSemanticAdapter>());
services.TryAddEnumerable(ServiceDescriptor.Singleton<ISemanticEntrypointAnalyzer, NodeSemanticAdapter>());
services.TryAddEnumerable(ServiceDescriptor.Singleton<ISemanticEntrypointAnalyzer, DotNetSemanticAdapter>());
services.TryAddEnumerable(ServiceDescriptor.Singleton<ISemanticEntrypointAnalyzer, GoSemanticAdapter>());
// Register orchestrator
services.TryAddSingleton<SemanticEntrypointOrchestrator>(sp =>
{
var adapters = sp.GetServices<ISemanticEntrypointAnalyzer>().ToList();
var capabilityDetector = sp.GetRequiredService<CapabilityDetector>();
var threatInferrer = sp.GetRequiredService<ThreatVectorInferrer>();
var boundaryMapper = sp.GetRequiredService<DataBoundaryMapper>();
return new SemanticEntrypointOrchestrator(adapters, capabilityDetector, threatInferrer, boundaryMapper);
});
// Register semantic entry trace analyzer
services.TryAddSingleton<ISemanticEntryTraceAnalyzer, SemanticEntryTraceAnalyzer>();
return services;
}
}
/// <summary>
/// Options for semantic analysis behavior.
/// </summary>
public sealed class SemanticAnalysisOptions
{
public const string SectionName = "Scanner:EntryTrace:Semantic";
/// <summary>Whether semantic analysis is enabled.</summary>
public bool Enabled { get; set; } = true;
/// <summary>Minimum confidence threshold for threat vectors (0.0-1.0).</summary>
public double ThreatConfidenceThreshold { get; set; } = 0.3;
/// <summary>Maximum number of threat vectors to emit per entrypoint.</summary>
public int MaxThreatVectors { get; set; } = 50;
/// <summary>Whether to include low-confidence capabilities.</summary>
public bool IncludeLowConfidenceCapabilities { get; set; } = false;
/// <summary>Languages to include in semantic analysis (empty = all).</summary>
public IReadOnlyList<string> EnabledLanguages { get; set; } = Array.Empty<string>();
}