git.stella-ops.org/docs/features/unchecked/scanner/java-dependency-scope-classification.md

# Java Dependency Scope Classification
## Module
Scanner
## Status
IMPLEMENTED
## Description
Classifies Java dependencies into compile, test, provided, runtime, and system scopes from Maven/Gradle declarations, enabling scope-aware SBOM generation and reachability filtering.
## Implementation Details
- **Build Metadata**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/BuildMetadata/JavaDependencyDeclaration.cs` - Dependency declaration model with scope classification
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/BuildMetadata/JavaProjectMetadata.cs` - Project metadata with declared scopes
- **Maven POM Parsing**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Maven/MavenPomParser.cs` - Parses dependency scopes from POM files
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Maven/MavenBomImporter.cs` - Imports BOM dependencies with scope
- **Gradle Parsing**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Gradle/GradleGroovyParser.cs` - Parses compile/test/runtime configurations
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Gradle/GradleKotlinParser.cs` - Kotlin DSL scope extraction
- **Language Analyzer**: `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/JavaLanguageAnalyzer.cs`
## E2E Test Plan
- [ ] Scan a Maven project and verify dependencies are classified into compile, test, provided, runtime, and system scopes
- [ ] Scan a Gradle project and verify implementation/api/testImplementation/compileOnly configurations map to correct scopes
- [ ] Verify scope information is included in the generated SBOM
- [ ] Verify test-scope dependencies are excluded from reachability analysis by default
- [ ] Verify provided-scope dependencies are correctly handled for runtime vs compile-time analysis
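As an added illustration, not the project's own parser code, the following stand-alone Python sketch shows the classification the description and the test plan refer to: a Maven `<dependency>` without `<scope>` defaults to compile, Gradle configuration names map onto the five scopes, and an analysis mode selects which scopes it sees (test excluded from reachability by default). The POM and `build.gradle` snippets are constructed, and the configuration-to-scope table and the per-mode scope sets are assumptions about the scanner's behaviour, not taken from its source.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not project fixtures).
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
<dependency><groupId>com.acme</groupId><artifactId>core</artifactId></dependency>
<dependency><groupId>javax.servlet</groupId><artifactId>servlet-api</artifactId><scope>provided</scope></dependency>
<dependency><groupId>org.junit</groupId><artifactId>junit</artifactId><scope>test</scope></dependency>
<dependency><groupId>org.postgresql</groupId><artifactId>postgresql</artifactId><scope>runtime</scope></dependency>
</dependencies></project>"""
GRADLE = """dependencies {
    implementation 'com.acme:core:1.2'
    api "org.slf4j:slf4j-api:2.0.9"
    compileOnly 'javax.servlet:javax.servlet-api:4.0.1'
    runtimeOnly('org.postgresql:postgresql:42.7.1')
    testImplementation 'org.junit.jupiter:junit-jupiter:5.10.0'
}"""

MAVEN_SCOPES = {"compile", "test", "provided", "runtime", "system"}
# Assumed mapping: Gradle configuration -> Maven-style scope.
GRADLE_TO_SCOPE = {
    "implementation": "compile", "api": "compile", "compile": "compile",
    "compileOnly": "provided", "runtimeOnly": "runtime", "runtime": "runtime",
    "testImplementation": "test", "testCompileOnly": "test", "testRuntimeOnly": "test",
}
NS = {"m": "http://maven.apache.org/POM/4.0.0"}
DEP_LINE = re.compile(r"""^\s*(\w+)\s*\(?\s*['"]([^:'"]+):([^:'"]+):[^'"]*['"]\s*\)?\s*$""")

def classify_pom(xml_text):
    """Return {(groupId, artifactId): scope}; a missing <scope> means compile."""
    out = {}
    for dep in ET.fromstring(xml_text).findall("m:dependencies/m:dependency", NS):
        key = (dep.findtext("m:groupId", namespaces=NS), dep.findtext("m:artifactId", namespaces=NS))
        scope = (dep.findtext("m:scope", default="compile", namespaces=NS) or "compile").strip()
        if scope not in MAVEN_SCOPES:
            raise ValueError(f"unknown Maven scope {scope!r} for {key}")
        out[key] = scope
    return out

def classify_gradle(text):
    """Return {(group, artifact): scope} from Groovy-DSL dependency lines."""
    out = {}
    for m in filter(None, map(DEP_LINE.match, text.splitlines())):
        cfg, group, artifact = m.groups()
        if cfg not in GRADLE_TO_SCOPE:
            raise ValueError(f"unmapped Gradle configuration {cfg!r}")
        out[(group, artifact)] = GRADLE_TO_SCOPE[cfg]
    return out

def classpath(deps, mode="reachability"):
    """Assumed scope sets per analysis mode: reachability drops test by default,
    compile-time sees provided/system, runtime sees runtime-only deps instead."""
    keep = {"reachability": {"compile", "provided", "runtime", "system"},
            "compile-time": {"compile", "provided", "system"},
            "runtime": {"compile", "runtime"}}[mode]
    return sorted(f"{g}:{a}" for (g, a), s in deps.items() if s in keep)
```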