stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
e11c0a6b59f2efa6f3bb46f2f14eac408bfa87f5
git.stella-ops.org/docs/features/checked/scanner/java-multi-version-conflict-detection.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

1.7 KiB
Raw Blame History

Java Multi-Version Conflict Detection

Module

Scanner

Status

VERIFIED

Description

Detects version conflicts where multiple versions of the same groupId:artifactId appear in the resolved dependency tree, flagging Maven nearest-wins and Gradle forced-version resolutions.

Implementation Details

  • Conflict Detection:
    • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Conflicts/VersionConflictDetector.cs - VersionConflictDetector identifies version conflicts where multiple versions of the same groupId:artifactId are resolved in the dependency tree, flagging Maven nearest-wins and Gradle forced-version resolution strategies
  • Language Analyzer Integration:
    • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/JavaLanguageAnalyzer.cs - JavaLanguageAnalyzer integrates conflict detection into the analysis pipeline

E2E Test Plan

  • Scan a Maven project with diamond dependency conflicts (A depends on B:1.0 and C which depends on B:2.0) and verify the conflict is detected
  • Verify Maven "nearest-wins" resolution strategy is correctly identified and the winning version is reported
  • Scan a Gradle project with forced version constraints (!! or force = true) and verify forced resolutions are flagged
  • Verify conflict detection results include both the requested and resolved versions for each conflicting dependency
  • Verify conflict information appears in scan findings with appropriate severity classification

Verification

Check Result
Tier 0 - Source files exist PASS
Tier 1 - Build + code review PASS
Tier 2 - Integration tests PASS
Verified 2026-02-13T18:10:00Z