Output Format
component-architecture.json
The core output format. Contains all data extracted by the 22 extractors.
Top-level structure
{
  "component": "my-operator",
  "repo": "github.com/org/my-operator",
  "extracted_at": "2026-04-14T10:30:00Z",
  "analyzer_version": "0.2.0",
  "crds": [],
  "rbac": {},
  "services": [],
  "deployments": [],
  "network_policies": [],
  "controller_watches": {},
  "dependencies": {},
  "secrets_referenced": [],
  "dockerfiles": [],
  "helm": {},
  "webhooks": [],
  "configmaps": [],
  "http_endpoints": [],
  "ingress_routing": [],
  "external_connections": [],
  "feature_gates": [],
  "cache_config": {},
  "operator_config": [],
  "reconcile_sequences": [],
  "prometheus_metrics": [],
  "status_conditions": [],
  "platform_detection": {}
}
Key types
CRD
{
  "group": "datasciencecluster.opendatahub.io",
  "version": "v1",
  "kind": "DataScienceCluster",
  "scope": "Cluster",
  "field_count": 42,
  "cel_rules": 3,
  "source_file": "config/crd/bases/datasciencecluster.yaml"
}
RBAC
{
  "cluster_roles": [
    {
      "name": "manager-role",
      "rules": [
        {
          "api_groups": [""],
          "resources": ["secrets"],
          "verbs": ["get", "list", "watch"]
        }
      ],
      "source": "config/rbac/role.yaml"
    }
  ],
  "role_bindings": [],
  "kubebuilder_markers": []
}
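The following is an added example, not part of the analyzer or its documentation: a short Python check over the `rbac` object that flags ClusterRole rules worth a least-privilege review. The sample data is constructed in the documented shape, and the function name `audit_cluster_roles` and its two review criteria are this example's own choices.

```python
import json

# Constructed sample in the documented "rbac" shape (not real analyzer output).
SAMPLE_RBAC = json.loads("""
{
  "cluster_roles": [
    {
      "name": "manager-role",
      "rules": [
        {"api_groups": [""], "resources": ["secrets"], "verbs": ["get", "list", "watch"]},
        {"api_groups": ["apps"], "resources": ["deployments"], "verbs": ["get", "update"]},
        {"api_groups": ["*"], "resources": ["*"], "verbs": ["*"]}
      ],
      "source": "config/rbac/role.yaml"
    }
  ],
  "role_bindings": [],
  "kubebuilder_markers": []
}
""")

# Verbs that return every object of a type rather than one named object.
BULK_READ = {"list", "watch", "*"}

def audit_cluster_roles(rbac):
    """Return (role, source, reason) for rules that merit a least-privilege review."""
    flagged = []
    for role in rbac.get("cluster_roles", []):
        for rule in role.get("rules", []):
            groups = set(rule.get("api_groups", []))
            resources = set(rule.get("resources", []))
            verbs = set(rule.get("verbs", []))
            if "*" in resources and "*" in verbs:
                reason = "wildcard resources and verbs"
            elif groups & {"", "*"} and resources & {"secrets", "*"} and verbs & BULK_READ:
                # Secrets live in the core ("") API group. The effective scope
                # depends on how the role is bound, so check role_bindings next.
                reason = "bulk read of secrets via ClusterRole"
            else:
                continue
            flagged.append((role["name"], role.get("source", ""), reason))
    return flagged

if __name__ == "__main__":
    for row in audit_cluster_roles(SAMPLE_RBAC):
        print(*row, sep="  ")
```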
Controller Watches
{
  "controllers": [
    {
      "name": "DSCController",
      "file": "controllers/dsc_controller.go",
      "for": {
        "group": "datasciencecluster.opendatahub.io",
        "version": "v1",
        "kind": "DataScienceCluster"
      },
      "owns": [
        { "group": "apps", "version": "v1", "kind": "Deployment" }
      ],
      "watches": [
        { "group": "", "version": "v1", "kind": "ConfigMap" }
      ]
    }
  ]
}
Dependencies
{
  "go_version": "1.25",
  "toolchain": "go1.25.0",
  "go_modules": [
    { "module": "sigs.k8s.io/controller-runtime", "version": "v0.23.3" }
  ],
  "replace_directives": [
    {
      "original": "github.com/org/old-module",
      "replacement": "github.com/org/new-module",
      "version": "v1.2.0"
    }
  ],
  "internal_odh": [
    {
      "component": "opendatahub-operator",
      "interaction": "Go module dependency: github.com/opendatahub-io/opendatahub-operator/v2"
    }
  ]
}
External Connections
[
  {
    "type": "database",
    "service": "postgres",
    "target": "postgres://***@db.example.com:5432/mydb",
    "source": "pkg/storage/db.go:42",
    "function": "NewStore"
  },
  {
    "type": "messaging",
    "service": "kafka",
    "target": "",
    "source": "pkg/events/producer.go:18",
    "function": "InitProducer"
  }
]
Feature Gates
[
  {
    "name": "PipelineReuse",
    "default": true,
    "pre_release": "Beta",
    "source": "pkg/features/gates.go:15"
  },
  {
    "name": "ExperimentalAPI",
    "default": false,
    "pre_release": "Alpha",
    "source": "pkg/features/gates.go:16"
  },
  {
    "name": "DebugMode",
    "default": true,
    "source": "cmd/main.go:42",
    "runtime_set": true
  }
]
Cache Config
{
  "scope": "cluster",
  "filtered_types": ["ConfigMap", "Secret"],
  "disabled_types": [],
  "implicit_informers": [
    {
      "type": "Namespace",
      "source": "controllers/dsc_controller.go:145",
      "reason": "client.Get call for unwatched type"
    }
  ],
  "gomemlimit": "512MiB",
  "container_memory_limit": "1Gi",
  "default_transform": false,
  "findings": [
    {
      "severity": "warning",
      "message": "Missing DefaultTransform - managedFields consuming extra memory",
      "recommendation": "Add cache.DefaultTransform to strip managedFields"
    }
  ]
}
Operator Config
[
  {
    "name": "DefaultDeploymentServiceAccount",
    "value": "ds-pipeline",
    "category": "name_pattern",
    "source": "controllers/dsp_params.go"
  },
  {
    "name": "APIServerImage",
    "value": "quay.io/opendatahub/ds-pipelines-api-server",
    "category": "image",
    "source": "controllers/config/defaults.go"
  }
]
Reconcile Sequences
[
  {
    "controller": "DSPAReconciler",
    "steps": [
      {
        "method": "ReconcileDatabase",
        "component": "Database",
        "conditional": "p.DatabaseHealthy()",
        "source": "controllers/dspa_controller.go:85"
      },
      {
        "method": "ReconcileStorage",
        "component": "Storage",
        "source": "controllers/dspa_controller.go:92"
      }
    ],
    "source": "controllers/dspa_controller.go"
  }
]
Prometheus Metrics
[
  {
    "name": "dspo_reconciliation_duration_seconds",
    "type": "histogram",
    "help": "Time taken to reconcile a DSPA resource",
    "labels": ["dspa_name", "dspa_namespace"],
    "namespace": "dspo",
    "source": "controllers/metrics.go"
  }
]
Status Conditions
[
  {
    "type": "DatabaseAvailable",
    "reasons": ["DatabaseCreated", "DatabaseFailed", "ExternalDBInUse"],
    "source": "controllers/status.go"
  }
]
Platform Detection
{
  "capabilities": [
    {
      "name": "IsOpenShift",
      "check": "whether the cluster is OpenShift",
      "source": "pkg/config/platform.go"
    }
  ],
  "conditionals": [
    {
      "condition": "p.IsOpenShift",
      "resource_kind": "Route",
      "action": "create",
      "source": "controllers/reconciler.go"
    }
  ]
}
code-graph.json
The code property graph output. Contains all nodes, edges, basic blocks, and optionally taint findings.
Top-level structure
Node
{
  "id": "pkg/handler/auth.go::HandleLogin",
  "kind": "Function",
  "name": "HandleLogin",
  "file": "pkg/handler/auth.go",
  "line": 42,
  "end_line": 85,
  "language": "go",
  "type_name": "",
  "complexity": 8,
  "param_names": ["w", "r"],
  "param_types": ["http.ResponseWriter", "*http.Request"],
  "return_type": "",
  "trust_level": "untrusted",
  "is_test": false,
  "annotations": {
    "handles_user_input": true,
    "sec:handles_request": true
  }
}
Node kinds: File, Function, Parameter, Call, StructLiteral, Variable, BasicBlock.
Trust levels: untrusted (public HTTP, no auth), semi_trusted (webhook, auth middleware), trusted (controller Reconcile, init).
Edge
{
  "source": "pkg/handler/auth.go::HandleLogin",
  "target": "pkg/db/users.go::FindUser",
  "kind": "EdgeCalls",
  "label": "",
  "confidence": "CERTAIN"
}
Edge kinds and labels:
EdgeCalls: function-to-function call (confidence: CERTAIN, INFERRED, UNCERTAIN)
EdgeContains: file-to-function, function-to-literal containment
EdgeAliases: type alias relationship
EdgeDataFlow: intraprocedural data flow (labels: assigns, reads, passes_to, field_access, returns)
EdgeControlFlow: CFG edges (labels: true_branch, false_branch, fallthrough, loop_back, loop_exit, exception, entry, exit)
Taint Finding
{
  "rule": "taint-to-sink",
  "source": {
    "id": "pkg/handler/auth.go::HandleLogin::r",
    "file": "pkg/handler/auth.go",
    "line": 42
  },
  "sink": {
    "id": "pkg/db/users.go::FindUser::db.Query",
    "file": "pkg/db/users.go",
    "line": 67
  },
  "path": ["HandleLogin::r", "HandleLogin::username", "FindUser::query", "FindUser::db.Query"],
  "sanitized": false,
  "cross_function": true
}
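An added example (not the analyzer's own code): one way to turn taint findings into a review queue by joining each finding's source with the `trust_level` of its enclosing function node. The node and finding data are constructed, `triage` and `enclosing_function` are hypothetical helper names, and deriving the function id by dropping the last `::` segment is an assumption read off the sample ids above.

```python
# Constructed sample data in the Node and Taint Finding shapes documented above.
NODES = [
    {"id": "pkg/handler/auth.go::HandleLogin", "kind": "Function",
     "trust_level": "untrusted", "is_test": False},
    {"id": "pkg/webhook/validate.go::Validate", "kind": "Function",
     "trust_level": "semi_trusted", "is_test": False},
    {"id": "controllers/dsc_controller.go::Reconcile", "kind": "Function",
     "trust_level": "trusted", "is_test": False},
]

def _finding(src, sink, sanitized, cross):
    return {"rule": "taint-to-sink", "source": {"id": src}, "sink": {"id": sink},
            "sanitized": sanitized, "cross_function": cross}

FINDINGS = [
    _finding("controllers/dsc_controller.go::Reconcile::req",
             "controllers/dsc_controller.go::Reconcile::client.Get", False, False),
    _finding("pkg/handler/auth.go::HandleLogin::r",
             "pkg/db/users.go::FindUser::db.Query", False, True),
    _finding("pkg/webhook/validate.go::Validate::obj",
             "pkg/webhook/validate.go::Validate::db.Exec", True, False),
    _finding("pkg/util/parse.go::Parse::raw",
             "pkg/util/parse.go::Parse::db.Query", False, False),
]

TRUST_RANK = {"untrusted": 0, "semi_trusted": 1, "trusted": 2}

def enclosing_function(node_id):
    # Assumption from the sample ids: "<file>::<Func>::<name>" sits under "<file>::<Func>".
    return node_id.rsplit("::", 1)[0]

def triage(nodes, findings):
    """Order unsanitized findings for review, least-trusted entry point first."""
    funcs = {n["id"]: n for n in nodes if n.get("kind") == "Function"}
    queue = []
    for f in findings:
        if f.get("sanitized"):
            continue  # the finding is already marked as sanitized
        fn = funcs.get(enclosing_function(f["source"]["id"]))
        if fn and fn.get("is_test"):
            continue  # skip sources that sit in test code
        # A source whose function node is missing is ranked with untrusted, not dropped.
        trust = fn["trust_level"] if fn else "unknown"
        rank = (TRUST_RANK.get(trust, 0), not f.get("cross_function", False))
        queue.append((rank, trust, f["source"]["id"], f["sink"]["id"]))
    return [(trust, src, sink) for _, trust, src, sink in sorted(queue)]
```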
Security findings (JSON)
{
  "domain": "security",
  "findings": [
    {
      "id": "CGA-004-001",
      "query": "CGA-004",
      "title": "Hardcoded API key",
      "severity": "high",
      "file": "pkg/config/defaults.go",
      "line": 23,
      "evidence": "String literal matches API key pattern: 'sk-...'",
      "recommendation": "Use environment variable or secret mount"
    }
  ]
}
Security findings (SARIF)
Standard SARIF 2.1.0 format compatible with GitHub Code Scanning:
{
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "architecture-analyzer",
          "version": "0.2.0",
          "rules": [...]
        }
      },
      "results": [...]
    }
  ]
}