1.9 KiB
1.9 KiB
Windows WinSxS Manifest Analyzer
Module
Scanner
Status
VERIFIED
Description
Parses Windows Side-by-Side (WinSxS) assembly manifests to discover shared system components, extracting assembly identity, version, processor architecture, and public key token.
Implementation Details
- WinSxS Package Analyzer:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Windows.WinSxS/WinSxSPackageAnalyzer.cs-WinSxSPackageAnalyzerdiscovering WinSxS assemblies from the WinSxS directory
- Manifest Parser:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Windows.WinSxS/WinSxSManifestParser.cs-WinSxSManifestParserparsing WinSxS assembly manifest XML files to extract assembly identity, version, processor architecture, and public key token
- Metadata Model:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Windows.WinSxS/WinSxSAssemblyMetadata.cs-WinSxSAssemblyMetadatamodel for discovered assembly metadata
- Plugin Registration:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Windows.WinSxS/WinSxSAnalyzerPlugin.cs-WinSxSAnalyzerPluginregistering the WinSxS analyzer in the scanner pipeline
E2E Test Plan
- Scan a Windows container image and verify WinSxS assemblies are discovered from the WinSxS directory
- Verify each discovered assembly includes correct name, version, processor architecture (x86, amd64), and public key token
- Verify the manifest parser correctly handles multi-assembly manifests with dependency declarations
- Verify the analyzer produces valid SBOM components for WinSxS assemblies
- Verify the analyzer correctly handles different WinSxS directory layouts across Windows versions
Verification
| Check | Result |
|---|---|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |