git.stella-ops.org/docs/features/checked/scanner/python-egg-info-and-editable-install-support.md

Python egg-info and Editable Install Support

Module

Scanner

Status

VERIFIED

Description

Extends Python analyzer to discover packages installed via legacy egg-info metadata format and pip editable installs (pip install -e), which lack standard dist-info directories.

Implementation Details

• Egg-Info Adapter:
  • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/Internal/Packaging/Adapters/EggInfoAdapter.cs - EggInfoAdapter discovers packages installed via legacy egg-info metadata format, extracting package name, version, and dependencies
• Editable Install Adapter:
  • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/Internal/Packaging/Adapters/PipEditableAdapter.cs - PipEditableAdapter discovers packages installed via pip install -e editable installs, which use .egg-link files instead of standard dist-info
• Package Discovery:
  • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/Internal/Packaging/PythonPackageDiscovery.cs - PythonPackageDiscovery orchestrates discovery across dist-info, egg-info, and editable install paths
  • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/Internal/Packaging/PythonPackageInfo.cs - PythonPackageInfo unified package metadata model
  • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/Internal/Packaging/PythonPackageKind.cs - Enum distinguishing dist-info, egg-info, and editable package types
• Language Analyzer: src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/PythonLanguageAnalyzer.cs

E2E Test Plan

• Scan a container with Python packages installed via legacy python setup.py install (egg-info) and verify they are discovered
• Scan a container with pip editable installs (pip install -e .) and verify the editable packages are discovered
• Verify egg-info packages include correct name, version, and dependency metadata in the SBOM
• Verify editable installs using .egg-link files are correctly resolved to their source paths
• Verify the package kind (dist-info vs egg-info vs editable) is correctly classified for each discovered package

---

Verification

Check	Result
Tier 0 - Source files exist	PASS
Tier 1 - Build + code review	PASS
Tier 2 - Integration tests	PASS
Verified	2026-02-13T18:10:00Z