stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
822a92faeebbceea6fa005b7eddb7572a8b29b41
git.stella-ops.org/docs/features/checked/scanner/os-rootfs-fingerprint-and-surface-cache.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

1.5 KiB
Raw Blame History

OS Rootfs Fingerprint and Surface Cache

Module

Scanner

Status

VERIFIED

Description

Root filesystem fingerprinting to uniquely identify OS layers, paired with a surface cache that avoids re-analyzing unchanged OS layers across scans.

Implementation Details

  • Rootfs Fingerprinting:
    • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS/Internal/OsRootfsFingerprint.cs - OsRootfsFingerprint generates unique fingerprints for OS root filesystem layers based on package database state
  • Surface Cache:
    • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS/Internal/OsAnalyzerSurfaceCache.cs - OsAnalyzerSurfaceCache caches OS analysis results keyed by rootfs fingerprint, avoiding re-analysis of unchanged OS layers

E2E Test Plan

  • Scan a container image and verify an OS rootfs fingerprint is generated based on the package database state
  • Rescan the same image and verify the surface cache returns cached results without re-analyzing the OS layer
  • Scan a different image sharing the same base OS layer and verify the cache hit reuses previously computed results
  • Scan an image with a modified OS layer and verify the cache miss triggers fresh OS analysis
  • Verify fingerprint stability (same layer produces identical fingerprints across scans)

Verification

Check Result
Tier 0 - Source files exist PASS
Tier 1 - Build + code review PASS
Tier 2 - Integration tests PASS
Verified 2026-02-13T18:10:00Z