K8sAttackMap
Architecture

Architecture Overview

High-level pipeline and design patterns powering K8sAttackMap.

Five-Stage Pipeline

K8sAttackMap processes a cluster through five sequential stages:

Key Design Patterns

Factory Pattern

ClusterGraphFactory is the sole constructor of the attack graph. It accepts parsed ClusterGraphData from the ingestion layer and produces a fully weighted DirectedWeightedMultigraph<GraphNode, GraphEdge>. Keeping construction centralised means the rest of the codebase never mutates the graph directly.

Strategy Pattern

Edge risk scoring uses a strategy-like approach: EdgeRiskScorer.calculateEdgeWeights(graph) iterates every edge and applies a combination of source intrinsic friction, target intrinsic friction, CVE bonuses, and security context deductions. Adding a new scoring factor means modifying a single method without touching the graph or analysis layers.

Orchestrator Pattern

AnalysisOrchestrator coordinates all five analysis phases in the correct order with explicit data dependencies. Each phase is independent — choke point ranking does not call blast radius analysis and vice versa. The orchestrator composes their results into a single AnalysisResult.
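
The following is an added illustration of how the factory, scorer and orchestrator layers fit together; it is not code from the K8sAttackMap project. It builds a small JGraphT DirectedWeightedMultigraph, weights each edge from the four factors the scoring section lists, then runs Dijkstra to rank the least-friction path into a cluster-admin role. The class name FrictionScoringDemo, the INTRINSIC table, the score() formula, the node names and the CVE and securityContext sample data are all assumptions constructed for this example.

```java
import org.jgrapht.Graph;
import org.jgrapht.GraphPath;
import org.jgrapht.alg.shortestpath.DijkstraShortestPath;
import org.jgrapht.graph.DefaultWeightedEdge;
import org.jgrapht.graph.DirectedWeightedMultigraph;
import java.util.Map;

public class FrictionScoringDemo {
    // Assumed intrinsic friction per node kind (not the project's own table):
    // lower means the node is easier for an attacker to reach or abuse.
    static final Map<String, Double> INTRINSIC = Map.of(
            "pod", 1.0, "serviceaccount", 2.0, "role", 3.0, "secret", 4.0);

    // Node ids are constructed as "<kind>:<name>", e.g. "pod:web" -> kind "pod".
    static String kind(String node) { return node.substring(0, node.indexOf(':')); }

    // Strategy-style scoring over the factors the page names: source friction,
    // target friction, a CVE bonus (known CVEs make the hop easier) and a
    // security-context deduction (a hardened source keeps less of that bonus).
    // The constants are assumptions; weights stay positive so Dijkstra is valid.
    static double score(Graph<String, DefaultWeightedEdge> g, DefaultWeightedEdge e,
                        Map<String, Integer> cvesOnNode, Map<String, Boolean> hardened) {
        String src = g.getEdgeSource(e), dst = g.getEdgeTarget(e);
        double friction = INTRINSIC.get(kind(src)) + INTRINSIC.get(kind(dst));
        double cveBonus = 0.5 * cvesOnNode.getOrDefault(src, 0);
        if (hardened.getOrDefault(src, false)) cveBonus *= 0.5;
        return Math.max(0.1, friction - cveBonus);
    }

    public static void main(String[] args) {
        // Factory step: a constructed four-edge cluster graph (sample data, not a real cluster).
        Graph<String, DefaultWeightedEdge> g = new DirectedWeightedMultigraph<>(DefaultWeightedEdge.class);
        for (String v : new String[]{"pod:web", "pod:batch", "serviceaccount:web-sa",
                "serviceaccount:batch-sa", "role:cluster-admin"}) g.addVertex(v);
        g.addEdge("pod:web", "serviceaccount:web-sa");            // mounted SA token
        g.addEdge("pod:batch", "serviceaccount:batch-sa");
        g.addEdge("serviceaccount:web-sa", "role:cluster-admin");  // over-broad binding
        g.addEdge("serviceaccount:batch-sa", "role:cluster-admin");

        Map<String, Integer> cves = Map.of("pod:web", 3);          // constructed: 3 known CVEs
        Map<String, Boolean> hardened = Map.of("pod:web", true);  // constructed: restrictive securityContext

        // Scorer step: assign every edge its weight in one pass, as calculateEdgeWeights does.
        for (DefaultWeightedEdge e : g.edgeSet()) g.setEdgeWeight(e, score(g, e, cves, hardened));

        // Orchestrator-style query: least-friction path from an exposed pod to cluster-admin.
        GraphPath<String, DefaultWeightedEdge> p =
                new DijkstraShortestPath<>(g).getPath("pod:web", "role:cluster-admin");
        System.out.println(p.getVertexList() + " friction=" + p.getWeight());
    }
}
```

Raising the friction of the pod-to-role path (removing the over-broad binding, or hardening the pod) is what moves that path out of the top-ranked results, which is the signal a defender reads from the report.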

Fluent Builder

AnalysisInput uses a fluent builder to configure the analysis: source nodes, target nodes, max hops, and show-all-paths flag. This keeps the orchestrator's constructor clean and makes test setups readable.

Core Dependencies

Library             Role
JGraphT             DirectedWeightedMultigraph, Dijkstra, AllDirectedPaths, Johnson's cycles
Jackson             Kubernetes JSON parsing (K8sJsonParser)
iText html2pdf      PDF report rendering from HTML template
Apache Commons CLI  CLI argument parsing (CommandParser)
Logback / SLF4J     Structured logging throughout
Lombok              Boilerplate reduction (@Getter, @RequiredArgsConstructor, @Slf4j)
JUnit Jupiter       Unit testing (JUnit 6)

Testing Strategy

Tests live under src/test/ mirroring the source package structure. Key principles:

  • Unit tests — each module tested in isolation via TestGraphHelper fixtures
  • No mocking frameworks — test graphs are built programmatically with TestGraphHelper
  • Edge coverage — each analysis module has tests for normal paths, empty graphs, and edge cases
  • Naming convention — *Test.java with JUnit 5 @Test annotations