Add RubyGems, Go, Cargo, CocoaPods, Conda, Maven support to Linux scanner (#1632)

Author: JamieMagee

src/Microsoft.ComponentDetection.Detectors/linux/Factories/ArtifactComponentFactoryBase.cs

@@ -12,6 +12,9 @@ namespace Microsoft.ComponentDetection.Detectors.Linux.Factories;
 /// </summary>
 public abstract class ArtifactComponentFactoryBase : IArtifactComponentFactory
 {
+    /// <inheritdoc/>
+    public abstract ComponentType SupportedComponentType { get; }
+
     /// <inheritdoc/>
     public abstract IEnumerable<string> SupportedArtifactTypes { get; }
 

src/Microsoft.ComponentDetection.Detectors/linux/Factories/CargoComponentFactory.cs

@@ -0,0 +1,46 @@
+#nullable disable
+namespace Microsoft.ComponentDetection.Detectors.Linux.Factories;
+
+using System.Collections.Generic;
+using Microsoft.ComponentDetection.Contracts.TypedComponent;
+using Microsoft.ComponentDetection.Detectors.Linux.Contracts;
+
+/// <summary>
+/// Factory for creating <see cref="CargoComponent"/> instances from Rust crate artifacts.
+/// </summary>
+public class CargoComponentFactory : ArtifactComponentFactoryBase
+{
+    /// <inheritdoc/>
+    public override ComponentType SupportedComponentType => ComponentType.Cargo;
+
+    /// <inheritdoc/>
+    public override IEnumerable<string> SupportedArtifactTypes => ["rust-crate"];
+
+    /// <inheritdoc/>
+    public override TypedComponent CreateComponent(ArtifactElement artifact, Distro distro)
+    {
+        if (artifact == null)
+        {
+            return null;
+        }
+
+        if (string.IsNullOrWhiteSpace(artifact.Name) || string.IsNullOrWhiteSpace(artifact.Version))
+        {
+            return null;
+        }
+
+        var author = GetAuthorFromArtifact(artifact);
+        var license = GetLicenseFromArtifact(artifact);
+
+        // Syft provides the source in metadata.Source
+        var source = artifact.Metadata?.Source?.String;
+
+        return new CargoComponent(
+            name: artifact.Name,
+            version: artifact.Version,
+            author: author,
+            license: license,
+            source: source
+        );
+    }
+}

src/Microsoft.ComponentDetection.Detectors/linux/Factories/CondaComponentFactory.cs

@@ -0,0 +1,46 @@
+#nullable disable
+namespace Microsoft.ComponentDetection.Detectors.Linux.Factories;
+
+using System.Collections.Generic;
+using Microsoft.ComponentDetection.Contracts.TypedComponent;
+using Microsoft.ComponentDetection.Detectors.Linux.Contracts;
+
+/// <summary>
+/// Factory for creating <see cref="CondaComponent"/> instances from Conda package artifacts.
+/// </summary>
+public class CondaComponentFactory : ArtifactComponentFactoryBase
+{
+    /// <inheritdoc/>
+    public override ComponentType SupportedComponentType => ComponentType.Conda;
+
+    /// <inheritdoc/>
+    public override IEnumerable<string> SupportedArtifactTypes => ["conda"];
+
+    /// <inheritdoc/>
+    public override TypedComponent CreateComponent(ArtifactElement artifact, Distro distro)
+    {
+        if (artifact == null)
+        {
+            return null;
+        }
+
+        if (string.IsNullOrWhiteSpace(artifact.Name) || string.IsNullOrWhiteSpace(artifact.Version))
+        {
+            return null;
+        }
+
+        // Syft provides conda metadata including build, channel, subdir, url, and md5
+        var metadata = artifact.Metadata;
+
+        return new CondaComponent(
+            name: artifact.Name,
+            version: artifact.Version,
+            build: metadata?.Build,
+            channel: metadata?.Channel,
+            subdir: metadata?.Subdir,
+            @namespace: null, // Syft doesn't provide namespace
+            url: metadata?.Url?.String,
+            md5: metadata?.Md5
+        );
+    }
+}

src/Microsoft.ComponentDetection.Detectors/linux/Factories/DotnetComponentFactory.cs

@@ -10,6 +10,9 @@ namespace Microsoft.ComponentDetection.Detectors.Linux.Factories;
 /// </summary>
 public class DotnetComponentFactory : ArtifactComponentFactoryBase
 {
+    /// <inheritdoc/>
+    public override ComponentType SupportedComponentType => ComponentType.NuGet;
+
     /// <inheritdoc/>
     public override IEnumerable<string> SupportedArtifactTypes => ["dotnet"];
 

src/Microsoft.ComponentDetection.Detectors/linux/Factories/GoComponentFactory.cs

@@ -0,0 +1,42 @@
+#nullable disable
+namespace Microsoft.ComponentDetection.Detectors.Linux.Factories;
+
+using System.Collections.Generic;
+using Microsoft.ComponentDetection.Contracts.TypedComponent;
+using Microsoft.ComponentDetection.Detectors.Linux.Contracts;
+
+/// <summary>
+/// Factory for creating <see cref="GoComponent"/> instances from Go module artifacts.
+/// </summary>
+public class GoComponentFactory : ArtifactComponentFactoryBase
+{
+    /// <inheritdoc/>
+    public override ComponentType SupportedComponentType => ComponentType.Go;
+
+    /// <inheritdoc/>
+    public override IEnumerable<string> SupportedArtifactTypes => ["go-module"];
+
+    /// <inheritdoc/>
+    public override TypedComponent CreateComponent(ArtifactElement artifact, Distro distro)
+    {
+        if (artifact == null)
+        {
+            return null;
+        }
+
+        if (string.IsNullOrWhiteSpace(artifact.Name) || string.IsNullOrWhiteSpace(artifact.Version))
+        {
+            return null;
+        }
+
+        // Syft provides the h1 digest hash in metadata.H1Digest
+        var hash = artifact.Metadata?.H1Digest;
+
+        if (!string.IsNullOrWhiteSpace(hash))
+        {
+            return new GoComponent(name: artifact.Name, version: artifact.Version, hash: hash);
+        }
+
+        return new GoComponent(name: artifact.Name, version: artifact.Version);
+    }
+}

src/Microsoft.ComponentDetection.Detectors/linux/Factories/IArtifactComponentFactory.cs

@@ -10,6 +10,11 @@ namespace Microsoft.ComponentDetection.Detectors.Linux.Factories;
 /// </summary>
 public interface IArtifactComponentFactory
 {
+    /// <summary>
+    /// Gets the component type that this factory produces.
+    /// </summary>
+    public ComponentType SupportedComponentType { get; }
+
     /// <summary>
     /// Gets the artifact types (e.g., "npm", "apk", "deb") that this factory can handle.
     /// </summary>

src/Microsoft.ComponentDetection.Detectors/linux/Factories/LinuxComponentFactory.cs

@@ -10,6 +10,9 @@ namespace Microsoft.ComponentDetection.Detectors.Linux.Factories;
 /// </summary>
 public class LinuxComponentFactory : ArtifactComponentFactoryBase
 {
+    /// <inheritdoc/>
+    public override ComponentType SupportedComponentType => ComponentType.Linux;
+
     /// <inheritdoc/>
     public override IEnumerable<string> SupportedArtifactTypes => ["apk", "deb", "rpm"];
 
@@ -35,6 +38,7 @@ public override TypedComponent CreateComponent(ArtifactElement artifact, Distro
             name: artifact.Name,
             version: artifact.Version,
             license: license,
-            author: supplier);
+            author: supplier
+        );
     }
 }

src/Microsoft.ComponentDetection.Detectors/linux/Factories/MavenComponentFactory.cs

@@ -0,0 +1,83 @@
+#nullable disable
+namespace Microsoft.ComponentDetection.Detectors.Linux.Factories;
+
+using System.Collections.Generic;
+using Microsoft.ComponentDetection.Contracts.TypedComponent;
+using Microsoft.ComponentDetection.Detectors.Linux.Contracts;
+
+/// <summary>
+/// Factory for creating <see cref="MavenComponent"/> instances from Java archive artifacts.
+/// </summary>
+public class MavenComponentFactory : ArtifactComponentFactoryBase
+{
+    /// <inheritdoc/>
+    public override ComponentType SupportedComponentType => ComponentType.Maven;
+
+    /// <inheritdoc/>
+    public override IEnumerable<string> SupportedArtifactTypes => ["java-archive"];
+
+    /// <inheritdoc/>
+    public override TypedComponent CreateComponent(ArtifactElement artifact, Distro distro)
+    {
+        if (artifact == null)
+        {
+            return null;
+        }
+
+        if (string.IsNullOrWhiteSpace(artifact.Version))
+        {
+            return null;
+        }
+
+        // Syft provides Maven coordinates in pomProperties or pomProject
+        var pomProperties = artifact.Metadata?.PomProperties;
+        var pomProject = artifact.Metadata?.PomProject;
+
+        // Try pomProperties first (more reliable for resolved dependencies)
+        var groupId = pomProperties?.GroupId ?? pomProject?.GroupId;
+        var artifactId = pomProperties?.ArtifactId ?? pomProject?.ArtifactId;
+
+        // Fall back to artifact name if no pom metadata available
+        // Syft uses the format "groupId:artifactId" or just the jar name
+        if (string.IsNullOrWhiteSpace(groupId) || string.IsNullOrWhiteSpace(artifactId))
+        {
+            if (!TryParseFromName(artifact.Name, out groupId, out artifactId))
+            {
+                // Cannot determine Maven coordinates
+                return null;
+            }
+        }
+
+        return new MavenComponent(
+            groupId: groupId,
+            artifactId: artifactId,
+            version: artifact.Version
+        );
+    }
+
+    /// <summary>
+    /// Attempts to parse groupId and artifactId from a name in the format "groupId:artifactId"
+    /// or similar Maven coordinate notation.
+    /// </summary>
+    private static bool TryParseFromName(string name, out string groupId, out string artifactId)
+    {
+        groupId = null;
+        artifactId = null;
+
+        if (string.IsNullOrWhiteSpace(name))
+        {
+            return false;
+        }
+
+        // Handle "groupId:artifactId" format
+        var colonIndex = name.IndexOf(':');
+        if (colonIndex > 0 && colonIndex < name.Length - 1)
+        {
+            groupId = name[..colonIndex];
+            artifactId = name[(colonIndex + 1)..];
+            return !string.IsNullOrWhiteSpace(groupId) && !string.IsNullOrWhiteSpace(artifactId);
+        }
+
+        return false;
+    }
+}

src/Microsoft.ComponentDetection.Detectors/linux/Factories/NpmComponentFactory.cs

@@ -11,6 +11,9 @@ namespace Microsoft.ComponentDetection.Detectors.Linux.Factories;
 /// </summary>
 public class NpmComponentFactory : ArtifactComponentFactoryBase
 {
+    /// <inheritdoc/>
+    public override ComponentType SupportedComponentType => ComponentType.Npm;
+
     /// <inheritdoc/>
     public override IEnumerable<string> SupportedArtifactTypes => ["npm"];
 
@@ -34,7 +37,8 @@ public override TypedComponent CreateComponent(ArtifactElement artifact, Distro
             name: artifact.Name,
             version: artifact.Version,
             hash: hash,
-            author: author);
+            author: author
+        );
     }
 
     private static NpmAuthor GetNpmAuthorFromArtifact(ArtifactElement artifact)

src/Microsoft.ComponentDetection.Detectors/linux/Factories/PipComponentFactory.cs

@@ -10,6 +10,9 @@ namespace Microsoft.ComponentDetection.Detectors.Linux.Factories;
 /// </summary>
 public class PipComponentFactory : ArtifactComponentFactoryBase
 {
+    /// <inheritdoc/>
+    public override ComponentType SupportedComponentType => ComponentType.Pip;
+
     /// <inheritdoc/>
     public override IEnumerable<string> SupportedArtifactTypes => ["python"];
 
@@ -33,6 +36,7 @@ public override TypedComponent CreateComponent(ArtifactElement artifact, Distro
             name: artifact.Name,
             version: artifact.Version,
             author: author,
-            license: license);
+            license: license
+        );
     }
 }