Java Multi-Version Conflict Detection

Module

Scanner

Status

IMPLEMENTED

Description

Detects version conflicts where multiple versions of the same groupId:artifactId appear in the resolved dependency tree, flagging Maven nearest-wins and Gradle forced-version resolutions.

Implementation Details

  • Conflict Detection:
    • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Conflicts/VersionConflictDetector.cs - VersionConflictDetector identifies version conflicts where multiple versions of the same groupId:artifactId are resolved in the dependency tree, flagging Maven nearest-wins and Gradle forced-version resolution strategies
  • Language Analyzer Integration:
    • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/JavaLanguageAnalyzer.cs - JavaLanguageAnalyzer integrates conflict detection into the analysis pipeline

E2E Test Plan

  • Scan a Maven project with diamond dependency conflicts (A depends on B:1.0 and on C, which depends on B:2.0) and verify the conflict is detected
  • Verify Maven "nearest-wins" resolution strategy is correctly identified and the winning version is reported
  • Scan a Gradle project with forced version constraints (!! or force = true) and verify forced resolutions are flagged
  • Verify conflict detection results include both the requested and resolved versions for each conflicting dependency
  • Verify conflict information appears in scan findings with appropriate severity classification
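
The diamond case from the test plan, worked through as an added example (this is not the project's VersionConflictDetector code). It covers only Maven nearest-wins mediation: group the resolved tree by groupId:artifactId, report every requested version, and pick the shallowest declaration, with ties going to the first declared. The DepNode, Conflict and ConflictFinder names and the com.example coordinates are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample tree: root A -> B:1.0 and A -> C:1.0 -> B:2.0.
// Depth is the distance from the root; Order is declaration order in the tree walk.
var nodes = new List<DepNode>
{
    new("com.example", "b", "1.0", Depth: 1, Order: 0),
    new("com.example", "c", "1.0", Depth: 1, Order: 1),
    new("com.example", "b", "2.0", Depth: 2, Order: 2),
};

foreach (var c in ConflictFinder.Find(nodes))
{
    Console.WriteLine(
        $"{c.Coordinate}: requested [{string.Join(", ", c.Requested)}] " +
        $"-> resolved {c.Resolved} (nearest-wins)");
}

// Hypothetical types for this example; not the StellaOps data model.
public record DepNode(string GroupId, string ArtifactId, string Version, int Depth, int Order);
public record Conflict(string Coordinate, IReadOnlyList<string> Requested, string Resolved);

public static class ConflictFinder
{
    // Returns one Conflict per groupId:artifactId that appears with more than one version.
    public static IEnumerable<Conflict> Find(IEnumerable<DepNode> nodes) =>
        nodes
            .GroupBy(n => $"{n.GroupId}:{n.ArtifactId}")
            .Where(g => g.Select(n => n.Version).Distinct().Count() > 1)
            .Select(g => new Conflict(
                g.Key,
                g.Select(n => n.Version).Distinct().ToList(),
                // Maven mediation: the shallowest declaration wins,
                // and equal depths are settled by first declaration.
                g.OrderBy(n => n.Depth).ThenBy(n => n.Order).First().Version));
}
```

Here nearest-wins resolves B to 1.0 even though 2.0 was also requested, which is why the finding needs to carry both the requested and the resolved versions.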