git.stella-ops.org/docs/features/checked/scanner/entrytrace-unified-entrypoint-analysis-framework.md
2026-02-14 09:11:48 +02:00


EntryTrace Unified Entrypoint Analysis Framework

Module: Scanner

Status: VERIFIED

Description

Unified entrypoint detection and analysis framework that orchestrates semantic, temporal, mesh, speculative, binary, and risk analysis into a single EntryTrace pipeline with baseline comparison, caching, and serialization support.

Implementation Details

  • Core Analyzer:
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/IEntryTraceAnalyzer.cs - Interface
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceAnalyzer.cs - Main analyzer orchestrating all sub-analyses
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceContext.cs - Context model
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceResult.cs - Result model
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceTypes.cs - Type definitions
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceAnalyzerOptions.cs - Options
  • Semantic Analysis: src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Semantic/ - Semantic entrypoint analysis with language adapters
  • Temporal Analysis: src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Temporal/ - Temporal entrypoint drift detection
  • Mesh Analysis: src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Mesh/ - Docker Compose and Kubernetes mesh entrypoint analysis
  • Speculative Execution: src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Speculative/ - Symbolic execution for path enumeration
  • Binary Intelligence: src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/ - Function-level binary analysis
  • Risk Scoring: src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Risk/ - Composite risk scoring
  • Baseline Comparison: src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Baseline/ - Baseline analysis and comparison
  • Caching:
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceCacheEnvelope.cs - Cache envelope model
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/EntryTraceCacheSerializer.cs - Cache serialization
  • Serialization:
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Serialization/EntryTraceGraphSerializer.cs - Graph serialization
    • src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Serialization/EntryTraceNdjsonWriter.cs - NDJSON writer
  • Worker Integration:
    • src/Scanner/StellaOps.Scanner.Worker/Processing/EntryTraceExecutionService.cs - Entry trace execution during scan
  • API: src/Scanner/StellaOps.Scanner.WebService/Contracts/EntryTraceResponse.cs - API response contracts

E2E Test Plan

  • Scan a container image and verify the EntryTrace pipeline produces unified results combining semantic, binary, and mesh analysis
  • Verify temporal drift detection identifies changed entrypoints between scan versions
  • Verify mesh analysis discovers Docker Compose / Kubernetes service entrypoints
  • Verify speculative execution enumerates possible execution paths from entrypoints
  • Verify baseline comparison highlights new/removed/changed entrypoints
  • Verify caching reduces analysis time on subsequent scans of the same image
  • Verify entry trace results are available via GET /api/v1/scans/{scanId}/entry-trace

Verification

| Check | Result |
|---|---|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |