# Windows Chocolatey Package Analyzer

## Module
Scanner

## Status
IMPLEMENTED

## Description
Discovers Chocolatey-installed packages by parsing .nuspec files in the Chocolatey lib directory, producing SBOM components with id, version, license URL, and dependency chains.

## Implementation Details
- **Chocolatey Analyzer Plugin**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Windows.Chocolatey/ChocolateyAnalyzerPlugin.cs` - `ChocolateyAnalyzerPlugin` discovering Chocolatey-installed packages by parsing .nuspec files in the Chocolatey lib directory, extracting package id, version, license URL, and dependency chains
- **Tests**:
  - `src/Scanner/__Tests/StellaOps.Scanner.Analyzers.OS.Windows.Chocolatey.Tests/ChocolateyAnalyzerPluginTests.cs` - Unit tests for Chocolatey package discovery

## E2E Test Plan
- [ ] Scan a Windows container image with Chocolatey packages installed and verify all packages are discovered from the lib directory
- [ ] Verify each discovered package includes correct id, version, and license URL from the .nuspec file
- [ ] Verify dependency chains are resolved from .nuspec dependency elements
- [ ] Verify the analyzer correctly handles packages with no dependencies
- [ ] Verify the analyzer produces valid SBOM components with correct PURLs for Chocolatey packages