git.stella-ops.org/src/StellaOps.Scanner.Analyzers.Lang.DotNet/TASKS.md
master 09d21d977c feat: Update analyzer fixtures and metadata for improved license handling and provenance tracking
- Added license expressions and provenance fields to expected JSON outputs for .NET and Rust analyzers.
- Introduced new .nuspec files for StellaOps.Runtime.SelfContained and StellaOps.Toolkit packages, including license information.
- Created LICENSE.txt files for both toolkit packages with clear licensing terms.
- Updated expected JSON for signed and simple analyzers to include license information and provenance.
- Enhanced the SPRINTS_LANG_IMPLEMENTATION_PLAN.md with detailed progress and future sprint outlines, ensuring clarity on deliverables and acceptance metrics.
2025-10-23 07:57:16 +03:00


.NET Analyzer Task Flow

| Seq | ID | Status | Depends on | Description | Exit Criteria |
|-----|----|--------|------------|-------------|---------------|
| 1 | SCANNER-ANALYZERS-LANG-10-305A | DONE (2025-10-22) | SCANNER-ANALYZERS-LANG-10-307 | Parse `*.deps.json` + `runtimeconfig.json`, build RID graph, and normalize to `pkg:nuget` components. | RID graph deterministic; fixtures confirm consistent component ordering; fallback to `bin:{sha256}` documented. |
| 2 | SCANNER-ANALYZERS-LANG-10-305B | DONE (2025-10-22) | SCANNER-ANALYZERS-LANG-10-305A | Extract assembly metadata (strong name, file/product info) and optional Authenticode details when offline cert bundle provided. | Signing metadata captured for signed assemblies; offline trust store documented; hash validations deterministic. |
| 3 | SCANNER-ANALYZERS-LANG-10-305C | DONE (2025-10-22) | SCANNER-ANALYZERS-LANG-10-305B | Handle self-contained apps and native assets; merge with EntryTrace usage hints. | Self-contained fixtures map to components with RID flags; usage hints propagate; tests cover linux/win variants. |
| 4 | SCANNER-ANALYZERS-LANG-10-307D | DONE (2025-10-22) | SCANNER-ANALYZERS-LANG-10-305C | Integrate shared helpers (license mapping, quiet provenance) and concurrency-safe caches. | Shared helpers reused; concurrency tests for parallel layer scans pass; no redundant allocations. |
| 5 | SCANNER-ANALYZERS-LANG-10-308D | TODO | SCANNER-ANALYZERS-LANG-10-307D | Determinism fixtures + benchmark harness; compare to competitor scanners for accuracy/perf. | Fixtures in `Fixtures/lang/dotnet/`; determinism CI guard; benchmark demonstrates lower duplication + faster runtime. |
| 6 | SCANNER-ANALYZERS-LANG-10-309D | TODO | SCANNER-ANALYZERS-LANG-10-308D | Package plug-in (manifest, DI registration) and update Offline Kit instructions. | Manifest copied to `plugins/scanner/analyzers/lang/`; Worker loads analyzer; Offline Kit doc updated. |