feat: Add initial implementation of Vulnerability Resolver Jobs

- Created project for StellaOps.Scanner.Analyzers.Native.Tests with necessary dependencies. - Documented roles and guidelines in AGENTS.md for Scheduler module. - Implemented IResolverJobService interface and InMemoryResolverJobService for handling resolver jobs. - Added ResolverBacklogNotifier and ResolverBacklogService for monitoring job metrics. - Developed API endpoints for managing resolver jobs and retrieving metrics. - Defined models for resolver job requests and responses. - Integrated dependency injection for resolver job services. - Implemented ImpactIndexSnapshot for persisting impact index data. - Introduced SignalsScoringOptions for configurable scoring weights in reachability scoring. - Added unit tests for ReachabilityScoringService and RuntimeFactsIngestionService. - Created dotnet-filter.sh script to handle command-line arguments for dotnet. - Established nuget-prime project for managing package downloads.
2025-11-18 07:52:15 +02:00
parent e69b57d467
commit 8355e2ff75
299 changed files with 13293 additions and 2444 deletions
--- a/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Fixtures/lang/node/tgz/expected.json
+++ b/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Fixtures/lang/node/tgz/expected.json
@@ -0,0 +1,31 @@
+[
+  {
+    "analyzerId": "node",
+    "componentKey": "purl::pkg:npm/tar-demo@1.2.3",
+    "purl": "pkg:npm/tar-demo@1.2.3",
+    "name": "tar-demo",
+    "version": "1.2.3",
+    "type": "npm",
+    "usedByEntrypoint": false,
+    "metadata": {
+      "installScripts": "true",
+      "path": "tgz",
+      "policyHint.installLifecycle": "install",
+      "script.install": "echo install"
+    },
+    "evidence": [
+      {
+        "kind": "file",
+        "source": "package.json",
+        "locator": "tgz/tar-demo.tgz!package/package.json",
+        "sha256": "dd27b49de19040a8b5738d4ad0d17ef2041e5ac8a6c5300dbace9be8fcf3ed67"
+      },
+      {
+        "kind": "metadata",
+        "source": "package.json:scripts",
+        "locator": "tgz/tar-demo.tgz!package/package.json#scripts.install",
+        "value": "echo install"
+      }
+    ]
+  }
+]
--- a/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Fixtures/lang/node/tgz/tar-demo.tgz
+++ b/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Fixtures/lang/node/tgz/tar-demo.tgz
--- a/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Fixtures/lang/node/version-targets/.nvmrc
+++ b/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Fixtures/lang/node/version-targets/.nvmrc
@@ -0,0 +1 @@
+18.17.1
--- a/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Fixtures/lang/node/version-targets/Dockerfile
+++ b/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Fixtures/lang/node/version-targets/Dockerfile
@@ -0,0 +1,2 @@
+FROM node:18.17.1-alpine
+CMD ["node", "index.js"]
--- a/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Fixtures/lang/node/version-targets/expected.json
+++ b/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Fixtures/lang/node/version-targets/expected.json
@@ -0,0 +1,67 @@
+[
+  {
+    "analyzerId": "node",
+    "componentKey": "purl::pkg:npm/version-targets@1.0.0",
+    "purl": "pkg:npm/version-targets@1.0.0",
+    "name": "version-targets",
+    "version": "1.0.0",
+    "type": "npm",
+    "usedByEntrypoint": false,
+    "metadata": {
+      "nodeVersion": "18.17.1;18.17.1-alpine",
+      "nodeVersionSource.dockerfile": "18.17.1-alpine",
+      "nodeVersionSource.nvmrc": "18.17.1",
+      "path": "."
+    },
+    "evidence": [
+      {
+        "kind": "file",
+        "source": "node-version:dockerfile",
+        "locator": "Dockerfile",
+        "value": "18.17.1-alpine",
+        "sha256": "b38d145059ea1b7018105f769070f1d07276b30719ce20358f673bef9655bcdf"
+      },
+      {
+        "kind": "file",
+        "source": "node-version:nvmrc",
+        "locator": ".nvmrc",
+        "value": "18.17.1",
+        "sha256": "cbc986933feddabb31649808506d635bb5d74667ba2da9aafc46ffe706ec745b"
+      },
+      {
+        "kind": "file",
+        "source": "package.json",
+        "locator": "package.json"
+      }
+    ]
+  },
+  {
+    "analyzerId": "node",
+    "componentKey": "purl::pkg:npm/tar-demo@1.2.3",
+    "purl": "pkg:npm/tar-demo@1.2.3",
+    "name": "tar-demo",
+    "version": "1.2.3",
+    "type": "npm",
+    "usedByEntrypoint": false,
+    "metadata": {
+      "installScripts": "true",
+      "path": "tgz",
+      "policyHint.installLifecycle": "install",
+      "script.install": "echo install"
+    },
+    "evidence": [
+      {
+        "kind": "file",
+        "source": "package.json",
+        "locator": "tgz/tar-demo.tgz!package/package.json",
+        "sha256": "dd27b49de19040a8b5738d4ad0d17ef2041e5ac8a6c5300dbace9be8fcf3ed67"
+      },
+      {
+        "kind": "metadata",
+        "source": "package.json:scripts",
+        "locator": "tgz/tar-demo.tgz!package/package.json#scripts.install",
+        "value": "echo install"
+      }
+    ]
+  }
+]
--- a/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Fixtures/lang/node/version-targets/package.json
+++ b/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Fixtures/lang/node/version-targets/package.json
@@ -0,0 +1,4 @@
+{
+  "name": "version-targets",
+  "version": "1.0.0"
+}
--- a/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Node/NodeLanguageAnalyzerTests.cs
+++ b/src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Node.Tests/Node/NodeLanguageAnalyzerTests.cs
@@ -7,11 +7,11 @@ namespace StellaOps.Scanner.Analyzers.Lang.Node.Tests;
 public sealed class NodeLanguageAnalyzerTests
 {
    [Fact]
-    public async Task WorkspaceFixtureProducesDeterministicOutputAsync()
-    {
-        var cancellationToken = TestContext.Current.CancellationToken;
-        var fixturePath = TestPaths.ResolveFixture("lang", "node", "workspaces");
-        var goldenPath = Path.Combine(fixturePath, "expected.json");
+    public async Task WorkspaceFixtureProducesDeterministicOutputAsync()
+    {
+        var cancellationToken = TestContext.Current.CancellationToken;
+        var fixturePath = TestPaths.ResolveFixture("lang", "node", "workspaces");
+        var goldenPath = Path.Combine(fixturePath, "expected.json");

        var analyzers = new ILanguageAnalyzer[]
        {
@@ -20,8 +20,46 @@ public sealed class NodeLanguageAnalyzerTests

        await LanguageAnalyzerTestHarness.AssertDeterministicAsync(
            fixturePath,
-            goldenPath,
-            analyzers,
-            cancellationToken);
-    }
-}
+            goldenPath,
+            analyzers,
+            cancellationToken);
+    }
+
+    [Fact]
+    public async Task VersionTargetsAreCapturedAsync()
+    {
+        var cancellationToken = TestContext.Current.CancellationToken;
+        var fixturePath = TestPaths.ResolveFixture("lang", "node", "version-targets");
+        var goldenPath = Path.Combine(fixturePath, "expected.json");
+
+        var analyzers = new ILanguageAnalyzer[]
+        {
+            new NodeLanguageAnalyzer()
+        };
+
+        await LanguageAnalyzerTestHarness.AssertDeterministicAsync(
+            fixturePath,
+            goldenPath,
+            analyzers,
+            cancellationToken);
+    }
+
+    [Fact]
+    public async Task TarballPackageIsParsedAsync()
+    {
+        var cancellationToken = TestContext.Current.CancellationToken;
+        var fixturePath = TestPaths.ResolveFixture("lang", "node", "version-targets");
+        var goldenPath = Path.Combine(fixturePath, "expected.json");
+
+        var analyzers = new ILanguageAnalyzer[]
+        {
+            new NodeLanguageAnalyzer()
+        };
+
+        await LanguageAnalyzerTestHarness.AssertDeterministicAsync(
+            fixturePath,
+            goldenPath,
+            analyzers,
+            cancellationToken);
+    }
+}