Scanner Analyzers (Language-Specific and Binary)
Module
Scanner
Status
VERIFIED
Description
Extensive analyzer ecosystem covering language-specific (Ruby, Java), OS-specific (Windows WinSxS, MSI, Chocolatey, macOS Homebrew, pkgutil), and secrets analyzers.
Implementation Details
- Ruby Language Analyzer:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Ruby/RubyLanguageAnalyzer.cs` - `RubyLanguageAnalyzer` parsing Gemfile.lock, .gemspec, and gem metadata for Ruby dependency analysis
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Ruby/RubyAnalyzerPlugin.cs` - `RubyAnalyzerPlugin` registering the Ruby analyzer in the scanner pipeline
- Windows WinSxS Analyzer:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Windows.WinSxS/WinSxSPackageAnalyzer.cs` - `WinSxSPackageAnalyzer` discovering side-by-side assemblies in Windows images
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Windows.WinSxS/WinSxSManifestParser.cs` - `WinSxSManifestParser` parsing WinSxS assembly manifests
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Windows.WinSxS/WinSxSAssemblyMetadata.cs` - Metadata model for WinSxS assemblies
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Windows.WinSxS/WinSxSAnalyzerPlugin.cs` - Plugin registration
- Windows MSI Analyzer:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Windows.Msi/MsiAnalyzerPlugin.cs` - `MsiAnalyzerPlugin` analyzing MSI installer packages
- Windows Chocolatey Analyzer:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Windows.Chocolatey/ChocolateyAnalyzerPlugin.cs` - `ChocolateyAnalyzerPlugin` discovering packages installed via Chocolatey
- Secrets Analyzer:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/SecretsAnalyzer.cs` - `SecretsAnalyzer` detecting exposed secrets (API keys, tokens, passwords) in image layers
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/SecretsAnalyzerHost.cs` - `SecretsAnalyzerHost` managing analyzer lifecycle
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/SecretsAnalyzerOptions.cs` - Configuration options for secret detection rules
  - `src/Scanner/StellaOps.Scanner.Worker/Processing/Secrets/SecretsAnalyzerStageExecutor.cs` - `SecretsAnalyzerStageExecutor` scanner pipeline stage for secrets analysis
- Secret Alert Emitter:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Core/Secrets/Alerts/SecretAlertEmitter.cs` - `SecretAlertEmitter` emitting alerts for discovered secrets
  - `src/Scanner/__Libraries/StellaOps.Scanner.Core/Secrets/Alerts/ISecretAlertEmitter.cs` - Interface for secret alerts
  - `src/Scanner/__Libraries/StellaOps.Scanner.Core/Secrets/Configuration/SecretExceptionMatcher.cs` - `SecretExceptionMatcher` for allowlisting known-safe patterns
- Tests:
  - `src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Ruby.Tests/RubyLanguageAnalyzerTests.cs` - Ruby analyzer tests
  - `src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Secrets.Tests/SecretsAnalyzerTests.cs` - Secrets analyzer tests
  - `src/Scanner/__Tests/StellaOps.Scanner.Analyzers.OS.Windows.Chocolatey.Tests/ChocolateyAnalyzerPluginTests.cs` - Chocolatey analyzer tests
E2E Test Plan
- Scan a container image with a Ruby application and verify `RubyLanguageAnalyzer` discovers all gems from Gemfile.lock with correct versions
- Scan a Windows container image and verify `WinSxSPackageAnalyzer` discovers side-by-side assemblies with correct version and architecture metadata
- Scan a Windows image with Chocolatey packages and verify `ChocolateyAnalyzerPlugin` lists all installed packages
- Scan an image containing embedded secrets (test fixtures) and verify `SecretsAnalyzer` detects API keys, tokens, and passwords with correct file locations
- Verify the `SecretExceptionMatcher` correctly suppresses findings that match allowlisted patterns
- Verify all analyzer plugins register correctly and execute as pipeline stages in the scanner worker
Verification
| Check | Result |
|---|---|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |