Skip to content

Add Static Reachability support for Java

Orin Naamanrequested to merge
implement-java-enricher into main

What does this MR do and why?

This merge request adds support for Java static reachability analysis to the dependency scanning system. The main changes include:

  • Added a new java enricher

  • Updated the Docker build to download Java-specific metadata files (Maven repository data) alongside the existing Python metadata.

  • Introduced a radix tree data structure to efficiently store and retrieve Java package import path information

  • Modified various configuration files to recognize Java as a supported language

  • Updated static reachability report/handler.go to properly handle Java import paths

  • Updated tests

-> Note: We currently have the radix tree locally in maven/metadata and ignore it via dockerignore. This is used mainly for the E2E tests.

  • See performance impact here

  • See manual testing and coverage updates here

Related issues

Static Reachability - Java Support: Extend Depe... (gitlab-org/gitlab#530745 - closed) • Orin Naaman • 18.5 • Needs attention

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Edited by Orin Naaman

Merge request reports