Java Dependency Scope Classification
Module
Scanner
Status
VERIFIED
Description
Classifies Java dependencies into compile, test, provided, runtime, and system scopes from Maven/Gradle declarations, enabling scope-aware SBOM generation and reachability filtering.
Implementation Details
- Build Metadata:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/BuildMetadata/JavaDependencyDeclaration.cs` - Dependency declaration model with scope classification
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/BuildMetadata/JavaProjectMetadata.cs` - Project metadata with declared scopes
- Maven POM Parsing:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Maven/MavenPomParser.cs` - Parses dependency scopes from POM files
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Maven/MavenBomImporter.cs` - Imports BOM dependencies with scope
- Gradle Parsing:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Gradle/GradleGroovyParser.cs` - Parses compile/test/runtime configurations
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Gradle/GradleKotlinParser.cs` - Kotlin DSL scope extraction
- Language Analyzer:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/JavaLanguageAnalyzer.cs`
E2E Test Plan
- Scan a Maven project and verify dependencies are classified into compile, test, provided, runtime, and system scopes
- Scan a Gradle project and verify implementation/api/testImplementation/compileOnly configurations map to correct scopes
- Verify scope information is included in the generated SBOM
- Verify test-scope dependencies are excluded from reachability analysis by default
- Verify provided-scope dependencies are correctly handled for runtime vs compile-time analysis
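The Maven half of this plan, sketched as an added example; it is not StellaOps code and does not use `MavenPomParser`. The names `MavenScope`, `Dep`, `ScopeDemo` and the `includeTest` switch are hypothetical, and the POM is a constructed, trimmed sample. It shows the default scope when `<scope>` is omitted, which scopes reach the runtime classpath, and test scope being dropped from reachability by default.

```csharp
using System;
using System.Collections.Generic;
using System.Xml.Linq;

// Constructed sample POM (versions and systemPath trimmed); "core" omits <scope>.
const string SamplePom = """
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>com.example</groupId><artifactId>core</artifactId></dependency>
    <dependency><groupId>com.example</groupId><artifactId>servlet-api</artifactId><scope>provided</scope></dependency>
    <dependency><groupId>com.example</groupId><artifactId>jdbc-driver</artifactId><scope>runtime</scope></dependency>
    <dependency><groupId>com.example</groupId><artifactId>test-kit</artifactId><scope>test</scope></dependency>
    <dependency><groupId>com.example</groupId><artifactId>vendor-sdk</artifactId><scope>system</scope></dependency>
  </dependencies>
</project>
""";

foreach (var d in ScopeDemo.Parse(SamplePom))
    Console.WriteLine($"{d.Coordinate,-26} {d.Scope,-8} runtime={ScopeDemo.OnRuntimeClasspath(d.Scope),-5} reachability={ScopeDemo.InReachability(d.Scope)}");

enum MavenScope { Compile, Provided, Runtime, Test, System }
record Dep(string Coordinate, MavenScope Scope);

static class ScopeDemo
{
    public static IEnumerable<Dep> Parse(string pomXml)
    {
        var root = XDocument.Parse(pomXml).Root!;
        XNamespace ns = root.Name.Namespace; // POMs may or may not declare the Maven namespace
        // Direct <dependencies> only; <dependencyManagement> entries are not declarations.
        foreach (var dep in root.Elements(ns + "dependencies").Elements(ns + "dependency"))
        {
            var scope = dep.Element(ns + "scope")?.Value.Trim() switch
            {
                null or "" or "compile" => MavenScope.Compile, // Maven's default scope
                "provided" => MavenScope.Provided,
                "runtime" => MavenScope.Runtime,
                "test" => MavenScope.Test,
                "system" => MavenScope.System,
                var other => throw new FormatException($"unknown scope '{other}'")
            };
            yield return new Dep($"{dep.Element(ns + "groupId")?.Value}:{dep.Element(ns + "artifactId")?.Value}", scope);
        }
    }
    // provided and system are supplied by the JDK/container or a local path, not packaged for runtime.
    public static bool OnRuntimeClasspath(MavenScope s) => s is MavenScope.Compile or MavenScope.Runtime;
    // Test scope is excluded from reachability unless the caller opts in (hypothetical switch).
    public static bool InReachability(MavenScope s, bool includeTest = false) => includeTest || s != MavenScope.Test;
}
```

An unrecognised scope string raises an error instead of silently falling back to compile, so a typo in a POM cannot move a dependency into a different reachability bucket unnoticed.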
Verification
| Check | Result |
|---|---|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |