2.0 KiB
2.0 KiB
Java OSGi Bundle Manifest Parsing
Module
Scanner
Status
VERIFIED
Description
Parses OSGi bundle MANIFEST.MF headers (Bundle-SymbolicName, Import-Package, Export-Package, Require-Bundle) to discover embedded dependencies and version ranges in Eclipse/Karaf/Felix deployments.
Implementation Details
- OSGi Bundle Parsing:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Osgi/OsgiBundleParser.cs-OsgiBundleParserparses MANIFEST.MF headers includingBundle-SymbolicName,Import-Package,Export-Package, andRequire-Bundleto discover embedded dependencies and version ranges
- Signature Manifest Analysis:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Signature/JavaSignatureManifestAnalyzer.cs- Analyzes JAR signature manifests alongside bundle manifests
- Entrypoint Resolution:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Resolver/JavaEntrypointResolution.cs- Resolves entrypoints from bundle exports
- Language Analyzer:
src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/JavaLanguageAnalyzer.cs
E2E Test Plan
- Scan a container image with an OSGi-based deployment (Eclipse/Karaf/Felix) and verify bundles are discovered from MANIFEST.MF files
- Verify
Bundle-SymbolicNameis extracted and mapped to component identifiers in the SBOM - Verify
Import-PackageandExport-Packageheaders are parsed to identify inter-bundle dependencies with version ranges - Verify
Require-Bundledeclarations are resolved to concrete bundle dependencies - Verify version ranges in OSGi format (e.g.,
[1.0,2.0)) are correctly parsed and represented - Verify embedded JAR bundles within OSGi containers are detected and attributed
Verification
| Check | Result |
|---|---|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |