git.stella-ops.org/docs/features/checked/scanner/base-image-detection-and-recommendations.md

Base Image Detection and Recommendations

Module

Scanner

Status

VERIFIED

Description

Base image detection via layer diffID fingerprinting with PostgreSQL-backed fingerprint storage and deterministic in-memory matching. The detector now supports exact and fuzzy matching, ranked recommendations, and bulk recommendation queries for multiple image references.

Implementation Details

• Core detection contract:
  • src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Resolution/IBaseImageDetector.cs
    • DetectBaseImageAsync (single-layer lookup)
    • GetRecommendationsAsync (ranked exact/fuzzy recommendations)
    • GetRecommendationsBulkAsync (bulk recommendations)
• Detector implementation:
  • src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Resolution/BaseImageDetector.cs
    • PostgreSQL-backed fingerprint persistence and load
    • deterministic in-memory index
    • fuzzy fallback by nearest layer index + lexical tie-break
• Recommendation scoring engine:
  • src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Resolution/BaseImageMatchEngine.cs
    • deterministic exact/fuzzy scoring with confidence and rationale
• Layer resolution + reuse integration:
  • src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Resolution/ILayerDigestResolver.cs
  • src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Resolution/LayerDigestResolver.cs
  • src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Resolution/LayerProvenance.cs
  • src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Reuse/ILayerReuseDetector.cs
  • src/Scanner/__Libraries/StellaOps.Scanner.Manifest/Reuse/LayerReuseDetector.cs
• DI registration:
  • src/Scanner/__Libraries/StellaOps.Scanner.Manifest/ManifestServiceCollectionExtensions.cs
• Behavioral tests:
  • src/Scanner/__Tests/StellaOps.Scanner.Core.Tests/BaseImageRecommendationTests.cs

E2E Test Plan

• Scan an image built on a known base image and verify exact base image attribution is returned.
• Verify exact layer prefix match identifies the correct base image with confidence 1.0.
• Verify fuzzy matching returns ranked recommendations when base layers are partially modified.
• Verify bulk recommendations return deterministic per-image results for multiple image references.
• Verify non-overlapping layers return no recommendations (negative path).

Verification

• Run ID: run-001
• Date (UTC): 2026-02-12
• Tier 0: Source files and symbols present (tier0-source-check.json).
• Tier 1: StellaOps.Scanner.Manifest + StellaOps.Scanner.Core.Tests build passed; focused recommendation tests passed (tier1-build-check.json, tier1-tests-base-image.log).
• Tier 2: Behavioral integration checks passed via targeted class run (tier2-e2e-check.json).