Create LinuxApplicationLayerDetector

[JamieMagee]

This change:

• Removes pip and npm component detection capabilities from LinuxContainerDetector
• Creates LinuxApplicationLayerDetector which subclasses LinuxContainerDetector and adds support back for pip and npm component detection
• Creates LinuxApplicationLayerExperiment to compare LinuxContainerDetector and LinuxApplicationLayerDetector

Please note that I also reformatted LinuxContainerDetector, so you may want to review with whitespace changes disabled.

[codecov]

Codecov Report

❌ Patch coverage is 88.08777% with 76 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.2%. Comparing base (e7e4a99) to head (b0d0a16).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
...etection.Detectors/linux/LinuxContainerDetector.cs	57.6%	57 Missing and 1 partial ⚠️
...ComponentDetection.Detectors/linux/LinuxScanner.cs	79.2%	10 Missing and 1 partial ⚠️
...ion.Detectors.Tests/LinuxContainerDetectorTests.cs	96.1%	6 Missing ⚠️
...n.Detectors/linux/LinuxApplicationLayerDetector.cs	88.8%	1 Missing ⚠️

Additional details and impacted files

@@          Coverage Diff           @@
##            main   #1551    +/-   ##
======================================
  Coverage   90.2%   90.2%            
======================================
  Files        423     426     +3     
  Lines      35476   35965   +489     
  Branches    2209    2216     +7     
======================================
+ Hits       32020   32464   +444     
- Misses      3001    3045    +44     
- Partials     455     456     +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

This PR creates a new LinuxApplicationLayerDetector as an experimental variant of LinuxContainerDetector to test detecting application-level packages (npm, pip) in addition to system packages. The approach involves inheritance rather than actual behavioral changes, with the new detector subclassing the existing one and primarily differing in metadata.

Key Changes:

• Removes Npm and Pip from LinuxContainerDetector's declared Categories and SupportedComponentTypes
• Creates LinuxApplicationLayerDetector extending LinuxContainerDetector with Npm/Pip support in metadata
• Adds LinuxApplicationLayerExperiment to compare the two detectors
• Reformats LinuxContainerDetector and disables StyleCop rules SA1009/SA1111 globally

Critical Issue: Both detectors will actually detect npm and pip components regardless of declared types, because they share the same LinuxScanner instance which uses all registered IArtifactComponentFactory implementations (including npm and pip factories). The metadata changes only affect how detectors identify themselves, not what they detect.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
LinuxContainerDetector.cs	Removed Npm/Pip from Categories and SupportedComponentTypes; extensive formatting changes with multi-line method signatures
LinuxApplicationLayerDetector.cs	New experimental detector inheriting from LinuxContainerDetector, adds back Npm/Pip to metadata using new keyword to shadow base properties
LinuxApplicationLayerExperiment.cs	New experiment configuration to compare LinuxContainerDetector vs LinuxApplicationLayerDetector using type pattern matching
ServiceCollectionExtensions.cs	Registered new detector and experiment configuration in DI container
.editorconfig	Globally disabled SA1009 and SA1111 StyleCop rules to accommodate new formatting style

[github-actions]

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

• The detector detects more or fewer components than before
• The detector generates different parent/child graph relationships than before
• The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.

[JamieMagee]

Snapshot test differences are expected as we're effectively removing npm and pip components from the Linux detector.