b6b9ffc050
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implemented the PhpAnalyzerPlugin to analyze PHP projects. - Created ComposerLockData class to represent data from composer.lock files. - Developed ComposerLockReader to load and parse composer.lock files asynchronously. - Introduced ComposerPackage class to encapsulate package details. - Added PhpPackage class to represent PHP packages with metadata and evidence. - Implemented PhpPackageCollector to gather packages from ComposerLockData. - Created PhpLanguageAnalyzer to perform analysis and emit results. - Added capability signals for known PHP frameworks and CMS. - Developed unit tests for the PHP language analyzer and its components. - Included sample composer.lock and expected output for testing. - Updated project files for the new PHP analyzer library and tests.
1.0 KiB
1.0 KiB
Link-Not-Merge v1 Fixtures
Status: Awaiting drop (2025-11-22)
Expected contents (all JSON, canonicalized, UTF-8):
projections.json— canonical SBOM projection payloads keyed by snapshot ID.assets.json— asset metadata overlays (tenant-scoped, append-only).paths.json— ordered dependency paths with runtime flags and blast-radius hints.events.json—sbom.version.createdenvelopes aligned to CAS/provenance fields.schema-version.txt— git SHA / semantic version of the frozen projection schema.SHA256SUMS— checksums for all files above.
Drop instructions:
- Place files in this directory and update
SHA256SUMSviasha256sum *.json *.txt > SHA256SUMS. - Keep ordering stable; prefer NDJSON converted to JSON arrays only if deterministic sorting is applied.
- Record drop commit in sprint 0140/0142 Execution Logs and link here.
Consumers:
- SBOM-SERVICE-21-001..004 implementation and tests.
- Advisory AI and Console replay suites.
- AirGap parity review (
docs/modules/sbomservice/runbooks/airgap-parity-review.md).