feat: Update analyzer fixtures and metadata for improved license handling and provenance tracking

- Added license expressions and provenance fields to expected JSON outputs for .NET and Rust analyzers. - Introduced new .nuspec files for StellaOps.Runtime.SelfContained and StellaOps.Toolkit packages, including license information. - Created LICENSE.txt files for both toolkit packages with clear licensing terms. - Updated expected JSON for signed and simple analyzers to include license information and provenance. - Enhanced the SPRINTS_LANG_IMPLEMENTATION_PLAN.md with detailed progress and future sprint outlines, ensuring clarity on deliverables and acceptance metrics.
2025-10-23 07:57:16 +03:00
parent 35c5614eb7
commit fa125486b8
17 changed files with 1857 additions and 1343 deletions
--- a/src/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/rust/simple/expected.json
+++ b/src/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/rust/simple/expected.json
@@ -1,24 +1,4 @@
 [
-  {
-    "analyzerId": "rust",
-    "componentKey": "bin::sha256:22caa7413d89026b52db64c8abc254bf9e7647ab9216e79c6972a39451f8c41e",
-    "name": "unknown_tool",
-    "type": "bin",
-    "usedByEntrypoint": false,
-    "metadata": {
-      "binary.path": "usr/local/bin/unknown_tool",
-      "binary.sha256": "22caa7413d89026b52db64c8abc254bf9e7647ab9216e79c6972a39451f8c41e",
-      "provenance": "binary"
-    },
-    "evidence": [
-      {
-        "kind": "file",
-        "source": "binary",
-        "locator": "usr/local/bin/unknown_tool",
-        "sha256": "22caa7413d89026b52db64c8abc254bf9e7647ab9216e79c6972a39451f8c41e"
-      }
-    ]
-  },
  {
    "analyzerId": "rust",
    "componentKey": "purl::pkg:cargo/my_app@0.1.0",
@@ -26,22 +6,14 @@
    "name": "my_app",
    "version": "0.1.0",
    "type": "cargo",
-    "usedByEntrypoint": true,
+    "usedByEntrypoint": false,
    "metadata": {
-      "binary.paths": "usr/local/bin/my_app",
-      "binary.sha256": "a95a4f4854bf973deacbd937bd1189fc3d0eef7a4fd4f7960f37cf66162c82fd",
      "cargo.lock.path": "Cargo.lock",
      "fingerprint.profile": "debug",
      "fingerprint.targetKind": "bin",
      "source": "registry\u002Bhttps://github.com/rust-lang/crates.io-index"
    },
    "evidence": [
-      {
-        "kind": "file",
-        "source": "binary",
-        "locator": "usr/local/bin/my_app",
-        "sha256": "a95a4f4854bf973deacbd937bd1189fc3d0eef7a4fd4f7960f37cf66162c82fd"
-      },
      {
        "kind": "file",
        "source": "cargo.fingerprint",
@@ -87,4 +59,4 @@
      }
    ]
  }
-]
+]