# Falsification Conditions Per Finding

## Module
Scanner

## Status
VERIFIED

## Description
Each vulnerability finding includes falsification conditions -- specific criteria that would disprove the finding, enabling evidence-based triage and automatic dismissal when conditions are met.

## Implementation Details
- **Core Models**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Core/Models/FalsificationConditions.cs` - Falsification conditions model attached to findings
- **Falsifiability Generation**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Explainability/Falsifiability/FalsifiabilityGenerator.cs` - Generates falsification criteria per finding
  - `src/Scanner/__Libraries/StellaOps.Scanner.Explainability/Falsifiability/FalsifiabilityCriteria.cs` - Criteria model defining what would disprove a finding
- **DSSE Integration**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Explainability/Dsse/ExplainabilityPredicateSerializer.cs` - Serializes falsification conditions in DSSE predicates

## E2E Test Plan
- [ ] Scan an image and verify vulnerability findings include falsification conditions
- [ ] Verify falsification criteria specify concrete conditions (e.g., "function X is not called", "package Y is not in runtime classpath")
- [ ] Verify automatic dismissal occurs when falsification conditions are met by evidence (e.g., reachability proves function is unreachable)
- [ ] Verify falsification conditions are serialized in explainability predicates
- [ ] Verify triage UI displays falsification conditions to help analysts evaluate findings

---

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |