git.stella-ops.org/docs/features/unchecked/scanner/deterministic-diff-aware-rescans.md

# Deterministic Diff-Aware Rescans (SmartDiff / Diff-Native CI)

**Module:** Scanner

**Status:** IMPLEMENTED

## Description

SmartDiff provides diff-native CI capability: golden fixture tests, schema validation, state comparison, reachability gates, SARIF output, performance benchmarks, and layer caching.

## Implementation Details

- SmartDiff Core:
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/SmartDiffPredicate.cs` - SmartDiff predicate model
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/SmartDiffJsonSerializer.cs` - JSON serialization for determinism
- Detection Engine:
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/MaterialRiskChangeDetector.cs` - Detects material risk changes between scans
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/MaterialRiskChangeResult.cs` - Detection result model
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/RiskStateSnapshot.cs` - Risk state snapshot for comparison
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/SmartDiffScoringConfig.cs` - Scoring configuration
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/BoundaryProof.cs` - Boundary proof model
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/ReachabilityGateBridge.cs` - Reachability gate integration
- VEX Candidate Emission:
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexCandidateEmitter.cs`
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexCandidateModels.cs`
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Detection/VexEvidence.cs`
- SARIF Output:
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Output/SarifOutputGenerator.cs` - SARIF 2.1.0 output for CI integration
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Output/SarifModels.cs` - SARIF models
- Attestation:
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Attestation/DeltaVerdictBuilder.cs` - Builds delta verdicts
  - `src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/Attestation/DeltaVerdictOciPublisher.cs` - Publishes delta verdicts to OCI
- API: `src/Scanner/StellaOps.Scanner.WebService/Endpoints/SmartDiffEndpoints.cs` - SmartDiff REST API

## E2E Test Plan

- Run a SmartDiff between two scan versions and verify material risk changes are detected
- Verify golden fixture tests produce deterministic SmartDiff output
- Verify SmartDiff schema validation passes for generated predicates
- Verify SARIF output contains diff-aware findings suitable for CI integration
- Verify reachability gate context is included in SmartDiff results
- Verify VEX candidates are emitted from SmartDiff detection results
- Verify delta verdicts can be published to OCI registry
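As an added illustration of the first four checks in the test plan (example code written for this page, not StellaOps' own implementation), the block below diffs two constructed scan snapshots, keeps only changes that pass a reachability gate, canonicalises the result so a golden fixture can compare it byte-for-byte, and renders it as a minimal SARIF 2.1.0 log. The snapshot shape, the change kinds and the gating rule are assumptions for the example.

```python
import hashlib
import json

# Constructed sample snapshots (not StellaOps data). Keys are
# "package@version/vuln-id"; values record the reachability gate verdict.
BASELINE = {
    "openssl@3.0.1/CVE-EXAMPLE-1": {"reachable": True, "severity": "high"},
    "zlib@1.2.11/CVE-EXAMPLE-2": {"reachable": False, "severity": "medium"},
}
CANDIDATE = {
    "zlib@1.2.11/CVE-EXAMPLE-2": {"reachable": True, "severity": "medium"},
    "libxml2@2.9.1/CVE-EXAMPLE-3": {"reachable": False, "severity": "high"},
    "curl@7.80.0/CVE-EXAMPLE-4": {"reachable": True, "severity": "critical"},
}

def material_changes(baseline, candidate):
    """Keep only changes that alter real risk: findings that became
    reachable, new reachable findings, and resolved findings. A new but
    unreachable finding is suppressed by the reachability gate. Keys are
    walked in sorted order so equal inputs always give identical output."""
    changes = []
    for key in sorted(set(baseline) | set(candidate)):
        before, after = baseline.get(key), candidate.get(key)
        if before and not after:
            changes.append({"finding": key, "kind": "resolved", "severity": before["severity"]})
        elif after and after["reachable"] and not (before and before["reachable"]):
            kind = "became_reachable" if before else "new_reachable"
            changes.append({"finding": key, "kind": kind, "severity": after["severity"]})
    return changes

def canonical_json(obj):
    # Sorted keys and fixed separators: the basis for golden-fixture comparison.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))

def delta_digest(changes):
    # Stable content hash of the canonical form; differs only if the diff differs.
    return hashlib.sha256(canonical_json(changes).encode()).hexdigest()

def to_sarif(changes):
    """Minimal SARIF 2.1.0 log carrying the material changes as results."""
    level = {"resolved": "note", "became_reachable": "error", "new_reachable": "error"}
    return {
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": "smartdiff-example"}},
            "results": [{
                "ruleId": c["finding"].split("/")[1],
                "level": level[c["kind"]],
                "message": {"text": f"{c['kind']}: {c['finding']} ({c['severity']})"},
            } for c in changes],
        }],
    }
```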