stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

semi implemented and features implemented save checkpoint

Browse Source
This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
docs/features/unchecked/scanner/java-dependency-scope-classification.md Normal file
View File

@@ -0,0 +1,29 @@
# Java Dependency Scope Classification
## Module
Scanner
## Status
IMPLEMENTED
## Description
Classifies Java dependencies into compile, test, provided, runtime, and system scopes from Maven/Gradle declarations, enabling scope-aware SBOM generation and reachability filtering.
## Implementation Details
- **Build Metadata**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/BuildMetadata/JavaDependencyDeclaration.cs` - Dependency declaration model with scope classification
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/BuildMetadata/JavaProjectMetadata.cs` - Project metadata with declared scopes
- **Maven POM Parsing**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Maven/MavenPomParser.cs` - Parses dependency scopes from POM files
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Maven/MavenBomImporter.cs` - Imports BOM dependencies with scope
- **Gradle Parsing**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Gradle/GradleGroovyParser.cs` - Parses compile/test/runtime configurations
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Gradle/GradleKotlinParser.cs` - Kotlin DSL scope extraction
- **Language Analyzer**: `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/JavaLanguageAnalyzer.cs`
## E2E Test Plan
- [ ] Scan a Maven project and verify dependencies are classified into compile, test, provided, runtime, and system scopes
- [ ] Scan a Gradle project and verify implementation/api/testImplementation/compileOnly configurations map to correct scopes
- [ ] Verify scope information is included in the generated SBOM
- [ ] Verify test-scope dependencies are excluded from reachability analysis by default
- [ ] Verify provided-scope dependencies are correctly handled for runtime vs compile-time analysis