Add application-layer Syft factories for 6 new ecosystems #1632

Merged: JamieMagee merged 1 commit into main from users/jamagee/all-container-application-dependencies on Feb 18, 2026
@JamieMagee

Adds factory classes so the Linux container scanner can detect RubyGems, Go, Cargo (Rust), CocoaPods, Conda, and Maven components from Syft output.

Changes:

  • New factories: RubyGemsComponentFactory, GoComponentFactory, CargoComponentFactory, PodComponentFactory, CondaComponentFactory, MavenComponentFactory
  • Added SupportedComponentType to IArtifactComponentFactory so LinuxScanner builds its component-type-to-factory lookup dynamically instead of maintaining a hardcoded dictionary
  • Updated LinuxApplicationLayerDetector with the new categories and component types
  • Registered factories in DI
  • 32 unit tests covering all new factories

Copilot AI left a comment

Pull request overview

This PR adds support for 6 new ecosystems (RubyGems, Go, Cargo/Rust, CocoaPods, Conda, and Maven) to the Linux container scanner by creating artifact component factories that parse Syft output. The PR also refactors the LinuxScanner to build factory lookups dynamically instead of using hardcoded mappings.

Changes:

  • Added SupportedComponentType property to IArtifactComponentFactory interface to enable dynamic factory-to-component-type mapping
  • Created 6 new factory classes to parse Syft artifacts for RubyGems, Go, Cargo, CocoaPods, Conda, and Maven ecosystems
  • Refactored LinuxScanner to build both artifactTypeToFactoryLookup and componentTypeToFactoryLookup dictionaries dynamically using LINQ
  • Updated LinuxApplicationLayerDetector to include all 6 new ecosystems in its categories and supported component types
  • Added 32 unit tests covering the new factories with various scenarios (happy path, null checks, empty string validation, metadata extraction)

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 7 comments.

| File | Description |
| --- | --- |
| src/Microsoft.ComponentDetection.Detectors/linux/Factories/IArtifactComponentFactory.cs | Added SupportedComponentType property to the interface to enable dynamic factory lookup |
| src/Microsoft.ComponentDetection.Detectors/linux/Factories/ArtifactComponentFactoryBase.cs | Added abstract SupportedComponentType property that derived classes must implement |
| src/Microsoft.ComponentDetection.Detectors/linux/Factories/LinuxComponentFactory.cs | Implemented SupportedComponentType property returning ComponentType.Linux |
| src/Microsoft.ComponentDetection.Detectors/linux/Factories/NpmComponentFactory.cs | Implemented SupportedComponentType property returning ComponentType.Npm and minor formatting cleanup |
| src/Microsoft.ComponentDetection.Detectors/linux/Factories/PipComponentFactory.cs | Implemented SupportedComponentType property returning ComponentType.Pip and minor formatting cleanup |
| src/Microsoft.ComponentDetection.Detectors/linux/Factories/DotnetComponentFactory.cs | Implemented SupportedComponentType property returning ComponentType.NuGet |
| src/Microsoft.ComponentDetection.Detectors/linux/Factories/RubyGemsComponentFactory.cs | New factory for creating RubyGemsComponent instances from "gem" artifacts with source extraction |
| src/Microsoft.ComponentDetection.Detectors/linux/Factories/GoComponentFactory.cs | New factory for creating GoComponent instances from "go-module" artifacts with optional H1 digest hash |
| src/Microsoft.ComponentDetection.Detectors/linux/Factories/CargoComponentFactory.cs | New factory for creating CargoComponent instances from "rust-crate" artifacts with author/license/source metadata |
| src/Microsoft.ComponentDetection.Detectors/linux/Factories/PodComponentFactory.cs | New factory for creating PodComponent instances from "pod" artifacts |
| src/Microsoft.ComponentDetection.Detectors/linux/Factories/CondaComponentFactory.cs | New factory for creating CondaComponent instances from "conda" artifacts with build/channel/subdir/md5 metadata |
| src/Microsoft.ComponentDetection.Detectors/linux/Factories/MavenComponentFactory.cs | New factory for creating MavenComponent instances from "java-archive" artifacts with multiple fallback strategies for extracting Maven coordinates |
| src/Microsoft.ComponentDetection.Detectors/linux/LinuxScanner.cs | Refactored to build factory lookup dictionaries dynamically using LINQ instead of hardcoded mappings; renamed factoryLookup to artifactTypeToFactoryLookup for clarity |
| src/Microsoft.ComponentDetection.Detectors/linux/LinuxApplicationLayerDetector.cs | Updated to include all 6 new ecosystems in Categories and SupportedComponentTypes; updated documentation |
| src/Microsoft.ComponentDetection.Detectors/linux/LinuxContainerDetector.cs | Minor code formatting improvements (line breaking) |
| src/Microsoft.ComponentDetection.Orchestrator/Extensions/ServiceCollectionExtensions.cs | Registered all 6 new factories in the DI container |
| test/Microsoft.ComponentDetection.Detectors.Tests/ArtifactComponentFactoryTests.cs | Added 32 comprehensive unit tests covering all new factories with various scenarios |
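
An added illustration of the dynamic lookup this pull request describes; it is not code from the PR or the project. `IArtifactFactory`, `SampleFactory`, `FactoryLookups`, `SupportedArtifactTypes` and the duplicate-claim check are hypothetical; only the artifact type strings and the `SupportedComponentType` name come from the page.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-ins: these names and members are assumptions, not the project's types.
public enum ComponentType { RubyGems, Go, Cargo, Pod, Conda, Maven }
public interface IArtifactFactory
{
    ComponentType SupportedComponentType { get; }
    IReadOnlyList<string> SupportedArtifactTypes { get; }
}

public sealed class SampleFactory : IArtifactFactory
{
    public SampleFactory(ComponentType type, params string[] artifactTypes)
        => (this.SupportedComponentType, this.SupportedArtifactTypes) = (type, artifactTypes);
    public ComponentType SupportedComponentType { get; }
    public IReadOnlyList<string> SupportedArtifactTypes { get; }
}

public static class FactoryLookups
{
    // Artifact type -> factory; fails at startup if two factories claim the same type.
    public static Dictionary<string, IArtifactFactory> ByArtifactType(IEnumerable<IArtifactFactory> factories)
    {
        var pairs = factories
            .SelectMany(f => f.SupportedArtifactTypes.Select(t => (Kind: t, Factory: f)))
            .ToList();
        var clash = pairs.GroupBy(p => p.Kind, StringComparer.OrdinalIgnoreCase)
            .FirstOrDefault(g => g.Count() > 1);
        if (clash != null)
            throw new InvalidOperationException($"'{clash.Key}' is claimed by {clash.Count()} factories");
        return pairs.ToDictionary(p => p.Kind, p => p.Factory, StringComparer.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        // Artifact type strings are the ones named in the PR's file summary.
        var lookup = ByArtifactType(new IArtifactFactory[]
        {
            new SampleFactory(ComponentType.RubyGems, "gem"), new SampleFactory(ComponentType.Go, "go-module"),
            new SampleFactory(ComponentType.Cargo, "rust-crate"), new SampleFactory(ComponentType.Pod, "pod"),
            new SampleFactory(ComponentType.Conda, "conda"), new SampleFactory(ComponentType.Maven, "java-archive"),
        });
        // Constructed input: two mapped types and one that no factory claims.
        foreach (var kind in new[] { "go-module", "java-archive", "unmapped-type" })
            Console.WriteLine(lookup.TryGetValue(kind, out var f)
                ? $"{kind} -> {f.SupportedComponentType}"
                : $"{kind} -> no factory registered, artifact not reported");
    }
}
```

Logging the unmapped case matters for inventory completeness: an artifact type with no factory otherwise disappears from the scan result without a trace.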

@JamieMagee JamieMagee force-pushed the users/jamagee/all-container-application-dependencies branch from 08b3aee to cd8d49a Compare February 18, 2026 01:39
github-actions bot commented Feb 18, 2026

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

  • The detector detects more or fewer components than before
  • The detector generates different parent/child graph relationships than before
  • The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

codecov bot commented Feb 18, 2026

Codecov Report

❌ Patch coverage is 95.17820% with 23 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.8%. Comparing base (70e02a0) to head (cd8d49a).
⚠️ Report is 45 commits behind head on main.

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| ...n.Detectors/linux/LinuxApplicationLayerDetector.cs | 59.3% | 13 Missing ⚠️ |
| ...Detectors/linux/Factories/MavenComponentFactory.cs | 89.7% | 2 Missing and 2 partials ⚠️ |
| ...Detectors/linux/Factories/CargoComponentFactory.cs | 90.0% | 0 Missing and 2 partials ⚠️ |
| ...Detectors/linux/Factories/CondaComponentFactory.cs | 90.4% | 0 Missing and 2 partials ⚠️ |
| ...ectors/linux/Factories/RubyGemsComponentFactory.cs | 94.7% | 0 Missing and 1 partial ⚠️ |
| ...ComponentDetection.Detectors/linux/LinuxScanner.cs | 93.7% | 0 Missing and 1 partial ⚠️ |

Additional details and impacted files
@@          Coverage Diff           @@
##            main   #1632    +/-   ##
======================================
  Coverage   90.7%   90.8%            
======================================
  Files        444     451     +7     
  Lines      39710   40148   +438     
  Branches    2418    2443    +25     
======================================
+ Hits       36030   36460   +430     
- Misses      3187    3188     +1     
- Partials     493     500     +7     

@JamieMagee JamieMagee merged commit 2ecde67 into main Feb 18, 2026
41 of 44 checks passed
@JamieMagee JamieMagee deleted the users/jamagee/all-container-application-dependencies branch February 18, 2026 20:19