1.8 KiB
1.8 KiB
Tiered Scanner Precision (Imported/Executed/Tainted-Sink Tiers with PR-AUC Metrics)
Module
Scanner
Status
VERIFIED
Description
Fidelity-aware analysis with tiered precision is implemented including benchmark corpus management, metrics calculation, fidelity endpoints, and reproducibility verification.
Implementation Details
- Fidelity-Aware Analyzer:
src/Scanner/__Libraries/StellaOps.Scanner.Orchestration/Fidelity/FidelityAwareAnalyzer.cs-FidelityAwareAnalyzeradjusting analysis precision based on configured fidelity tier (Imported, Executed, Tainted-Sink) with corresponding precision/recall tradeoffs
- Fidelity API:
src/Scanner/StellaOps.Scanner.WebService/Endpoints/FidelityEndpoints.cs-FidelityEndpointsREST API for querying and configuring fidelity tiers and viewing precision metrics
- Tests:
src/Scanner/__Tests/StellaOps.Scanner.Core.Tests/Fidelity/FidelityAwareAnalyzerTests.cs- Unit tests for fidelity-aware analysis including benchmark corpus and PR-AUC metric validation
E2E Test Plan
- Configure the scanner at "Imported" fidelity tier and verify it produces results with high recall but lower precision
- Configure "Executed" fidelity tier and verify results include only dependencies confirmed as loaded/executed
- Configure "Tainted-Sink" fidelity tier and verify results are restricted to vulnerabilities with confirmed data flow to sinks
- Verify fidelity endpoints return precision metrics (PR-AUC scores) for each tier against benchmark corpus
- Verify fidelity tier selection is deterministic and reproducible across identical scan inputs
Verification
| Check | Result |
|---|---|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |