EntryTrace Unified Entrypoint Analysis Framework
Module
Scanner
Status
VERIFIED
Description
Unified entrypoint detection and analysis framework that orchestrates semantic, temporal, mesh, speculative, binary, and risk analysis into a single EntryTrace pipeline with baseline comparison, caching, and serialization support.
Implementation Details
- Core Analyzer:
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/IEntryTraceAnalyzer.cs - Interface
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceAnalyzer.cs - Main analyzer orchestrating all sub-analyses
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceContext.cs - Context model
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceResult.cs - Result model
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceTypes.cs - Type definitions
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceAnalyzerOptions.cs - Options
- Semantic Analysis:
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Semantic/ - Semantic entrypoint analysis with language adapters
- Temporal Analysis:
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Temporal/ - Temporal entrypoint drift detection
- Mesh Analysis:
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Mesh/ - Docker Compose and Kubernetes mesh entrypoint analysis
- Speculative Execution:
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/ - Symbolic execution for path enumeration
- Binary Intelligence:
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/ - Function-level binary analysis
- Risk Scoring:
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Risk/ - Composite risk scoring
- Baseline Comparison:
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Baseline/ - Baseline analysis and comparison
- Caching:
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceCacheEnvelope.cs - Cache envelope model
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceCacheSerializer.cs - Cache serialization
- Serialization:
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Serialization/EntryTraceGraphSerializer.cs - Graph serialization
  - src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Serialization/EntryTraceNdjsonWriter.cs - NDJSON writer
- Worker Integration:
  - src/Scanner/StellaOps.Scanner.Worker/Processing/EntryTraceExecutionService.cs - Entry trace execution during scan
- API:
  - src/Scanner/StellaOps.Scanner.WebService/Contracts/EntryTraceResponse.cs - API response contracts
E2E Test Plan
- Scan a container image and verify the EntryTrace pipeline produces unified results combining semantic, binary, and mesh analysis
- Verify temporal drift detection identifies changed entrypoints between scan versions
- Verify mesh analysis discovers Docker Compose / Kubernetes service entrypoints
- Verify speculative execution enumerates possible execution paths from entrypoints
- Verify baseline comparison highlights new/removed/changed entrypoints
- Verify caching reduces analysis time on subsequent scans of the same image
- Verify entry trace results are available via GET /api/v1/scans/{scanId}/entry-trace
Verification
| Check | Result |
|---|---|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |