macOS pkgutil Receipt Analyzer

Module

Scanner

Status

VERIFIED

Description

Parses macOS pkgutil receipt database and BOM files to discover Apple installer packages, producing SBOM components with package identifier, version, and installed volume.

Implementation Details

Package Analyzer:
- src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Pkgutil/PkgutilPackageAnalyzer.cs - PkgutilPackageAnalyzer discovers Apple installer packages from pkgutil receipt database
- src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Pkgutil/PkgutilAnalyzerPlugin.cs - Plugin registration for the pkgutil analyzer
Parsers:
- src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Pkgutil/PkgutilReceiptParser.cs - PkgutilReceiptParser parses pkgutil receipt plist files extracting package identifier, version, and install metadata
- src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.Pkgutil/BomParser.cs - BomParser parses macOS BOM (Bill of Materials) files listing installed file manifests

E2E Test Plan

Scan a macOS container image and verify Apple installer packages are discovered from pkgutil receipts
Verify each discovered package includes package identifier (e.g., com.apple.pkg.CLTools_Executables), version, and installed volume
Verify BOM file parsing correctly identifies the files installed by each package
Verify SBOM components are produced with correct PURL format for macOS system packages
Verify packages from third-party PKG installers are also discovered alongside Apple system packages

Verification

Check	Result
Tier 0 - Source files exist	PASS
Tier 1 - Build + code review	PASS
Tier 2 - Integration tests	PASS
Verified	2026-02-13T18:10:00Z

1.8 KiB Raw Blame History

macOS pkgutil Receipt Analyzer

Module

Status

Description

Implementation Details

E2E Test Plan

Verification

1.8 KiB

Raw Blame History