Python egg-info and Editable Install Support
Module
Scanner
Status
IMPLEMENTED
Description
Extends the Python analyzer to discover packages installed via the legacy egg-info metadata format and via pip editable installs (pip install -e), both of which lack standard dist-info directories.
Implementation Details
- Egg-Info Adapter: src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/Internal/Packaging/Adapters/EggInfoAdapter.cs - EggInfoAdapter discovers packages installed via legacy egg-info metadata format, extracting package name, version, and dependencies
- Editable Install Adapter: src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/Internal/Packaging/Adapters/PipEditableAdapter.cs - PipEditableAdapter discovers packages installed via pip install -e editable installs, which use .egg-link files instead of standard dist-info
- Package Discovery:
  - src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/Internal/Packaging/PythonPackageDiscovery.cs - PythonPackageDiscovery orchestrates discovery across dist-info, egg-info, and editable install paths
  - src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/Internal/Packaging/PythonPackageInfo.cs - PythonPackageInfo unified package metadata model
  - src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/Internal/Packaging/PythonPackageKind.cs - Enum distinguishing dist-info, egg-info, and editable package types
- Language Analyzer: src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/PythonLanguageAnalyzer.cs
E2E Test Plan
- Scan a container with Python packages installed via legacy python setup.py install (egg-info) and verify they are discovered
- Scan a container with pip editable installs (pip install -e .) and verify the editable packages are discovered
- Verify egg-info packages include correct name, version, and dependency metadata in the SBOM
- Verify editable installs using .egg-link files are correctly resolved to their source paths
- Verify the package kind (dist-info vs egg-info vs editable) is correctly classified for each discovered package
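The checks in the test plan above, sketched in Python against a constructed rootfs. This is an added example, not the StellaOps adapters; the names `_load`, `discover` and `build_sample` are hypothetical. It assumes the usual setuptools layout (PKG-INFO and requires.txt inside egg-info, source directory on the first line of an .egg-link), and the refusal to resolve an .egg-link target outside the image root is an added precaution the page does not describe.

```python
from email.parser import Parser
from pathlib import Path

def _load(meta, kind, source=None):
    """Read name, version, deps from dist-info, or egg-info (directory or lone file)."""
    info = meta / ("METADATA" if kind == "dist-info" else "PKG-INFO") if meta.is_dir() else meta
    m = Parser().parsestr(info.read_text(encoding="utf-8"), headersonly=True)
    pkg = {"name": m["Name"], "version": m["Version"], "kind": kind,
           "requires": m.get_all("Requires-Dist") or [], "source": source}
    req = meta / "requires.txt"  # egg-info dependency list; absent for dist-info
    lines = req.read_text(encoding="utf-8").splitlines() if req.is_file() else []
    for line in map(str.strip, lines):
        if line.startswith("["):  # "[extra]" sections hold optional dependencies
            break
        if line:
            pkg["requires"].append(line)
    return pkg

def discover(root, site_packages):
    """Classify packages in site_packages; root is the unpacked image rootfs."""
    root, found = Path(root).resolve(), []
    for entry in sorted(Path(site_packages).iterdir()):
        if entry.name.endswith(".dist-info") and (entry / "METADATA").is_file():
            found.append(_load(entry, "dist-info"))
        elif entry.name.endswith(".egg-info"):
            found.append(_load(entry, "egg-info"))
        elif entry.name.endswith(".egg-link") and entry.is_file():
            # Line 1 is the source directory as seen from inside the image.
            first = (entry.read_text(encoding="utf-8").splitlines() or [""])[0]
            src = (root / first.strip().lstrip("/")).resolve()
            if root not in src.parents:  # never follow a link out of the rootfs
                continue
            for egg in sorted(src.glob("*.egg-info")):
                found.append(_load(egg, "editable", "/" + src.relative_to(root).as_posix()))
    return found

def build_sample(base):
    """Constructed fixture: rootfs with each package kind, plus an .egg-link escaping it."""
    sp = "rootfs/usr/lib/python3/site-packages/"
    files = {sp + "alpha-1.0.dist-info/METADATA": "Name: alpha\nVersion: 1.0\nRequires-Dist: six\n",
             sp + "beta-2.0.egg-info/PKG-INFO": "Name: beta\nVersion: 2.0\n",
             sp + "beta-2.0.egg-info/requires.txt": "requests>=2\n\n[dev]\npytest\n",
             sp + "gamma.egg-link": "/src/gamma\n.", sp + "escape.egg-link": "/../outside\n.",
             "rootfs/src/gamma/gamma.egg-info/PKG-INFO": "Name: gamma\nVersion: 0.1\n",
             "outside/escape.egg-info/PKG-INFO": "Name: escape\nVersion: 9\n"}
    for rel, text in files.items():
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text, encoding="utf-8")
    return Path(base) / "rootfs", Path(base) / sp
```

Call `build_sample` on an empty temporary directory and pass the two returned paths to `discover`; the result lists alpha (dist-info), beta (egg-info) and gamma (editable, source /src/gamma), while the escaping link is skipped.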