git.stella-ops.org/docs/features/unchecked/scanner/progressive-fidelity-scan-mode.md

Progressive Fidelity Scan Mode (Quick/Standard/Deep)

Module

Scanner

Status

IMPLEMENTED

Description

Lets users select a scan depth (Quick/Standard/Deep). A FidelityAwareAnalyzer adjusts analysis precision to the selected depth, and an upgrade endpoint promotes an existing result to a higher fidelity by running the additional analysis the higher mode requires. This is distinct from "Tiered Scanner Precision", which describes imported/executed/tainted-sink PR-AUC tiers; this feature is about user-selectable scan depth modes.

Implementation Details

  • Fidelity-Aware Analyzer:
    • src/Scanner/__Libraries/StellaOps.Scanner.Orchestration/Fidelity/FidelityAwareAnalyzer.cs - FidelityAwareAnalyzer adjusts analysis precision based on the selected scan depth mode (Quick/Standard/Deep)
  • Fidelity Endpoints:
    • src/Scanner/StellaOps.Scanner.WebService/Endpoints/FidelityEndpoints.cs - FidelityEndpoints provides API for selecting scan depth and upgrading scan results to higher fidelity

E2E Test Plan

  • Trigger a Quick scan and verify it completes faster with reduced analysis depth (SBOM only: no vulnerability matching and no reachability, so the result carries no finding or reachability evidence)
  • Trigger a Standard scan and verify it includes SBOM generation plus basic vulnerability matching
  • Trigger a Deep scan and verify it includes full reachability analysis, call graph extraction, and binary intelligence
  • Use the upgrade endpoint to promote Quick scan results to Standard and verify additional analysis is performed
  • Use the upgrade endpoint to promote Standard to Deep and verify full reachability analysis is appended
  • Verify the selected scan depth, and the effective depth after any upgrade, is recorded in scan metadata for auditability
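The following sketch is an added example, not code from the StellaOps repository, showing the behaviour the description and the E2E plan above specify: a depth selects an ordered set of analysis stages, an upgrade runs only the stages the existing result is missing, downgrades are rejected, a failed stage leaves the stored result at its previous depth, and both the requested and the effective depth are kept for audit. The stage names (Sbom, VulnMatch, Reachability, CallGraph, BinaryIntel), the ScanResult record, and the runStage callback are assumptions made for illustration; the real analyzer and endpoints live in the files listed under Implementation Details and do not necessarily look like this.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical sketch (not StellaOps code). Depths are ordered so that a higher
// mode strictly includes every stage of a lower one.
public enum ScanDepth { Quick = 0, Standard = 1, Deep = 2 }

// Assumed stage set, taken from the E2E plan: Quick = SBOM only,
// Standard = SBOM + vulnerability matching, Deep = everything.
public enum Stage { Sbom, VulnMatch, Reachability, CallGraph, BinaryIntel }

public sealed record ScanResult(
    string ScanId,
    ScanDepth RequestedDepth,        // depth the caller originally asked for
    ScanDepth EffectiveDepth,        // depth the stored result actually has
    IReadOnlyList<Stage> Stages,     // stages that ran, in order
    IReadOnlyList<string> AuditLog); // one line per selection or upgrade

public static class FidelityAwareAnalyzer
{
    private static readonly IReadOnlyDictionary<ScanDepth, Stage[]> StagesByDepth =
        new Dictionary<ScanDepth, Stage[]>
        {
            [ScanDepth.Quick]    = new[] { Stage.Sbom },
            [ScanDepth.Standard] = new[] { Stage.Sbom, Stage.VulnMatch },
            [ScanDepth.Deep]     = new[] { Stage.Sbom, Stage.VulnMatch,
                                           Stage.Reachability, Stage.CallGraph, Stage.BinaryIntel },
        };

    public static IReadOnlyList<Stage> StagesFor(ScanDepth depth) => StagesByDepth[depth];

    // Fresh scan at the requested depth. A failing stage aborts the scan; no partial
    // result is stored under a depth it does not actually satisfy.
    public static ScanResult Scan(string scanId, ScanDepth depth, Func<Stage, bool> runStage)
    {
        var done = new List<Stage>();
        foreach (var stage in StagesFor(depth))
        {
            if (!runStage(stage))
                throw new InvalidOperationException($"stage {stage} failed; no result stored at depth {depth}");
            done.Add(stage);
        }
        return new ScanResult(scanId, depth, depth, done,
            new[] { $"{DateTime.UtcNow:O} scan {scanId} requested={depth} effective={depth}" });
    }

    // Promote an existing result by running only the stages it is missing.
    // Downgrades and no-op "upgrades" are rejected instead of silently accepted.
    public static ScanResult Upgrade(ScanResult existing, ScanDepth target, Func<Stage, bool> runStage)
    {
        if (target <= existing.EffectiveDepth)
            throw new ArgumentException(
                $"cannot upgrade {existing.ScanId} from {existing.EffectiveDepth} to {target}");

        var missing = StagesFor(target).Except(existing.Stages).ToList();
        var done = new List<Stage>(existing.Stages);
        foreach (var stage in missing)
        {
            // Throwing here leaves the caller holding the unchanged 'existing' result.
            if (!runStage(stage))
                throw new InvalidOperationException(
                    $"stage {stage} failed; result stays at depth {existing.EffectiveDepth}");
            done.Add(stage);
        }

        var log = new List<string>(existing.AuditLog)
        {
            $"{DateTime.UtcNow:O} scan {existing.ScanId} upgraded {existing.EffectiveDepth}->{target} " +
            $"ran=[{string.Join(",", missing)}]"
        };
        // RequestedDepth is kept as originally asked; only the effective depth moves.
        return existing with { EffectiveDepth = target, Stages = done, AuditLog = log };
    }

    // A consumer must not read "not reachable" out of a result that never ran reachability.
    public static bool HasReachabilityEvidence(ScanResult r) => r.Stages.Contains(Stage.Reachability);
}

public static class Program
{
    public static void Main()
    {
        var executed = new List<Stage>();
        bool Run(Stage s) { executed.Add(s); return true; } // constructed stand-in for the real pipeline

        var quick    = FidelityAwareAnalyzer.Scan("scan-1", ScanDepth.Quick, Run);
        var standard = FidelityAwareAnalyzer.Upgrade(quick, ScanDepth.Standard, Run);
        var deep     = FidelityAwareAnalyzer.Upgrade(standard, ScanDepth.Deep, Run);

        Console.WriteLine("stages executed across Quick -> Standard -> Deep: " + string.Join(",", executed));
        Console.WriteLine($"requested={deep.RequestedDepth} effective={deep.EffectiveDepth} " +
                          $"reachabilityEvidence={FidelityAwareAnalyzer.HasReachabilityEvidence(deep)} " +
                          $"quickHadReachability={FidelityAwareAnalyzer.HasReachabilityEvidence(quick)}");
        foreach (var line in deep.AuditLog) Console.WriteLine(line);
    }
}
```

The point of keeping RequestedDepth and EffectiveDepth separate is the auditability check in the E2E plan: a result that started as Quick and was promoted to Deep should be distinguishable from one scanned at Deep from the outset, and anything that gates a decision on reachability findings should consult the effective depth (or the stage list) rather than assume every stored result has the same fidelity.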