stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
f43e828b4e21957636ce35cdaf50bb29da5d4e1d
git.stella-ops.org/docs/modules/scanner/prep/2025-11-20-java-21-008-prep.md
master 79b8e53441
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Add new features and tests for AirGap and Time modules 
- Introduced `SbomService` tasks documentation.
- Updated `StellaOps.sln` to include new projects: `StellaOps.AirGap.Time` and `StellaOps.AirGap.Importer`.
- Added unit tests for `BundleImportPlanner`, `DsseVerifier`, `ImportValidator`, and other components in the `StellaOps.AirGap.Importer.Tests` namespace.
- Implemented `InMemoryBundleRepositories` for testing bundle catalog and item repositories.
- Created `MerkleRootCalculator`, `RootRotationPolicy`, and `TufMetadataValidator` tests.
- Developed `StalenessCalculator` and `TimeAnchorLoader` tests in the `StellaOps.AirGap.Time.Tests` namespace.
- Added `fetch-sbomservice-deps.sh` script for offline dependency fetching.
2025-11-20 23:29:54 +02:00

27 lines
1.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Java Analyzer Prep — SCANNER-ANALYZERS-JAVA-21-008
Status: Draft (2025-11-20)
Owners: Java Analyzer Guild
Scope: Resolver + AOC writer emitting entrypoints/components/edges with reason codes/confidence; depends on 21-007 outputs.
## Dependencies
- 21-007 manifest metadata collector outputs (signers, manifest attributes) required to seed resolver inputs.
- CoreLinksets/Concelier build health to allow Java analyzer test runs.
## Proposed resolver outputs
- `entrypoints[]`: `{id, path, manifest_main_class?, agent_class?, start_class?, module}`.
- `components[]`: modules/JARs with `{purl?, sha256, module_name?, signed?, signer_ids[]}`.
- `edges[]`: `{from_entrypoint, to_component, reason_code (jpms|cp|spi|reflect|jni|runtime), confidence, evidence}`.
- Deterministic ordering: sort edges by (from_entrypoint, to_component, reason_code).
## Tests/fixtures
- Place fixtures under `src/Scanner/__Tests/Fixtures/java/21-008/*` covering jpms, classpath, SPI, reflection, JNI cases.
- Regression tests: `ResolverOutputs_AreDeterministic` and `EdgesIncludeReasonAndConfidence`.
## Open decisions
- Exact confidence scale (01 vs categorical) to align with downstream Surface.
- Whether to emit runtime edges in this task vs deferring to 21-010.
## Handoff
Use this doc as the PREP artefact for 21-008; update once 21-007 outputs and confidence scale are finalized.
Reference in New Issue View Git Blame Copy Permalink