Replay & Diff System

Leverage continuous security state regression testing, run snapshot diffing, and automated vulnerability replays inside your developer pipeline.

Mental Model

A fundamental weakness of security scanning is the lack of historical continuity. Traditional tools scan targets as if they were fresh, blank slates, failing to recognize regressions, mutations, or resolved posture states.

VScanX solves this by introducing a **Replay & Diff System**. Every scan output is indexed as a serialized state snapshot to disk (saved inside ~/.vscanx/runs/). Developers can perform rapid state regression tracking:

  • Replay Engine: Triggers the exact validation payload cached in a historical run, checking if a patched vulnerability has been re-introduced.
  • Diff Engine: Compares two run state snapshots ($S_A \rightarrow S_B$) to isolate precisely what security elements mutated, resolving target anomalies and highlighting fresh exposures.

Snapshot Storage & Run Indexing

When VScanX completes an audit cycle, it serializes its findings and network metadata schema into a dynamic run file. Run snapshots are saved inside a hidden local system index:

# State storage directory structure ~/.vscanx/runs/ ├── run_291A_web.json ├── run_404C_network.json └── run_701D_web3.json

These run snapshots store the exact URL, verification inputs, parameters, and expected response payloads, allowing the replay engine to validate reproducibility instantly.

The State Diff Engine

The delta comparison algorithm resides inside core/state/diff.py. By calling the CLI with the --diff flag, developers can calculate comparative mutations between scan cycles:

python vscanx.py --diff run_291A run_291B

The following is a realistic JSON diff snapshot output, documenting a security posture transition where a weak SSL cipher suite was successfully resolved, but a critical open redirect regression was introduced:

{
  "run_source": "run_291A",
  "run_comparison": "run_291B",
  "deltas": [
    {
      "module": "modules.network.crypto_tls",
      "type": "WEAK_CIPHER_ALLOWED",
      "mutation": "RESOLVED",
      "evidence": "3DES/RC4 cipher suites disabled successfully."
    },
    {
      "module": "modules.web.open_redirect",
      "type": "REDIRECT_BYPASS_VERIFIED",
      "mutation": "INTRODUCED",
      "evidence": "Parameter 'next' accepts dynamic http://malicious-redirect.io redirection payload."
    }
  ]
}

Continuous Integration Pipeline Integration

Because VScanX is engineered for engineering pipelines, you can run automated vulnerability regressions inside your GitHub Actions workflows.

The following GitHub Actions YAML demonstrates running a regression test using historical snapshots, failing the pipeline immediately if a critical reproducible finding is reintroduced:

name: Continuous Security Regression  on: push: branches: [ main ] pull_request: branches: [ main ]  jobs: security-audit: runs-on: ubuntu-latest steps: - name: Checkout Source Code uses: actions/checkout@v3  - name: Setup Python environment uses: actions/setup-python@v4 with: python-version: '3.11'  - name: Install dependencies run: | pip install -r requirements.txt  - name: Execute Security State Replays run: | # Replay historical verified run snapshot python vscanx.py --replay run_291A_web.json --fail-on-critical