@JamieMagee
Member

This extends on the support added in #1529 to support detection of NuGet packages in containers.

As an example, I ran

$ dotnet run --project src/Microsoft.ComponentDetection -- scan \
        --SourceDirectory ~/src/scratch/empty-directory/ \
        --Output scan-output \
        --DockerImagesToScan mcr.microsoft.com/dotnet/sdk:10.0-azurelinux3.0

Which gave the output here

@JamieMagee JamieMagee requested a review from a team as a code owner November 19, 2025 23:21
@github-actions

github-actions bot commented Nov 19, 2025

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

  • The detector detects more or fewer components than before
  • The detector generates different parent/child graph relationships than before
  • The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

@JamieMagee JamieMagee force-pushed the users/jamagee/nuget-components-in-containers branch 3 times, most recently from 6b57052 to 919da3a Compare November 19, 2025 23:23
Copilot finished reviewing on behalf of JamieMagee November 19, 2025 23:25
@codecov

codecov bot commented Nov 19, 2025

Codecov Report

❌ Patch coverage is 25.00000% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.5%. Comparing base (32c05fb) to head (098b031).
⚠️ Report is 5 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| ...etectors/linux/Factories/DotnetComponentFactory.cs | 8.3% | 11 Missing ⚠️ |
| ...n.Detectors/linux/LinuxApplicationLayerDetector.cs | 66.6% | 1 Missing ⚠️ |

Additional details and impacted files
@@           Coverage Diff           @@
##            main   #1548     +/-   ##
=======================================
- Coverage   89.6%   89.5%   -0.1%     
=======================================
  Files        426     427      +1     
  Lines      36256   36270     +14     
  Branches    2260    2262      +2     
=======================================
+ Hits       32493   32497      +4     
- Misses      3300    3311     +11     
+ Partials     463     462      -1     

Copilot AI left a comment

Pull Request Overview

This PR adds support for detecting NuGet packages in container images by extending the Linux container detector functionality. It builds on the infrastructure added in PR #1529 to support additional package ecosystems in container scans.

  • Introduces DotnetComponentFactory to create NuGet components from Syft artifact output
  • Updates LinuxContainerDetector to include NuGet in supported categories and component types
  • Registers the new factory in the DI container for integration with the scanning pipeline

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

| File | Description |
|---|---|
| src/Microsoft.ComponentDetection.Orchestrator/Extensions/ServiceCollectionExtensions.cs | Registers DotnetComponentFactory in the DI container alongside other artifact component factories |
| src/Microsoft.ComponentDetection.Detectors/linux/LinuxContainerDetector.cs | Adds NuGet to the detector's supported categories and component types |
| src/Microsoft.ComponentDetection.Detectors/linux/Factories/DotnetComponentFactory.cs | New factory that creates NuGetComponent instances from dotnet artifact types detected by Syft |

Comments suppressed due to low confidence (1)

src/Microsoft.ComponentDetection.Detectors/linux/Factories/DotnetComponentFactory.cs:37

  • The new DotnetComponentFactory should be added to the componentFactories list in the LinuxScannerTests test constructor to ensure it's included in test coverage. Currently, only LinuxComponentFactory, NpmComponentFactory, and PipComponentFactory are included in the tests. The factory should be added to match the pattern used for the other component factories.

This would ensure that tests like TestLinuxScanner_SupportsMultipleComponentTypes_Async can properly test dotnet artifacts alongside other component types.

public class DotnetComponentFactory : ArtifactComponentFactoryBase
{
    /// <inheritdoc/>
    public override IEnumerable<string> SupportedArtifactTypes => ["dotnet"];

    /// <inheritdoc/>
    public override TypedComponent? CreateComponent([NotNull] ArtifactElement artifact, [NotNull] Distro distro)
    {
        if (string.IsNullOrWhiteSpace(artifact.Name) || string.IsNullOrWhiteSpace(artifact.Version))
        {
            return null;
        }

        var author = GetAuthorFromArtifact(artifact);
        var authors = string.IsNullOrWhiteSpace(author) ? null : new[] { author };

        return new NuGetComponent(
            name: artifact.Name,
            version: artifact.Version,
            authors: authors);
    }
}
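
As an added illustration (not code from this PR or from the component-detection project), the filtering described in the review above can be sketched against Syft-style JSON: keep only artifacts whose type is `dotnet` and skip entries with a blank name or version. The class and method names, the sample JSON and the de-duplication step are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

public static class SyftDotnetFilter
{
    // Constructed sample shaped like Syft's JSON "artifacts" array; not real scan output.
    private const string SampleSyftJson = """
        {
          "artifacts": [
            { "name": "Example.Package",   "version": "1.2.3", "type": "dotnet" },
            { "name": "Example.Package",   "version": "1.2.3", "type": "dotnet" },
            { "name": "example-rpm",       "version": "3.3.0", "type": "rpm" },
            { "name": "Example.NoVersion", "version": "",      "type": "dotnet" }
          ]
        }
        """;

    // Hypothetical helper: returns (name, version) pairs for "dotnet" artifacts only.
    public static List<(string Name, string Version)> ExtractNuGetPackages(string syftJson)
    {
        var result = new List<(string Name, string Version)>();
        using var doc = JsonDocument.Parse(syftJson);
        if (doc.RootElement.ValueKind != JsonValueKind.Object
            || !doc.RootElement.TryGetProperty("artifacts", out var artifacts)
            || artifacts.ValueKind != JsonValueKind.Array)
            return result;

        foreach (var artifact in artifacts.EnumerateArray())
        {
            var name = GetString(artifact, "name");
            var version = GetString(artifact, "version");
            // Same guard as the factory: a blank name or version yields no component.
            if (GetString(artifact, "type") != "dotnet"
                || string.IsNullOrWhiteSpace(name) || string.IsNullOrWhiteSpace(version))
                continue;
            // De-duplication is this example's own choice, not something the PR shows.
            if (!result.Contains((name, version)))
                result.Add((name, version));
        }
        return result;
    }

    private static string? GetString(JsonElement e, string prop) =>
        e.ValueKind == JsonValueKind.Object && e.TryGetProperty(prop, out var v)
            && v.ValueKind == JsonValueKind.String ? v.GetString() : null;

    public static void Main() =>
        ExtractNuGetPackages(SampleSyftJson).ForEach(p => Console.WriteLine($"{p.Name} {p.Version}"));
}
```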

@JamieMagee JamieMagee force-pushed the users/jamagee/nuget-components-in-containers branch from 919da3a to 098b031 Compare November 26, 2025 21:24
@JamieMagee JamieMagee enabled auto-merge (squash) November 26, 2025 22:06
@JamieMagee JamieMagee merged commit b88d00b into main Nov 26, 2025
27 of 28 checks passed
@JamieMagee JamieMagee deleted the users/jamagee/nuget-components-in-containers branch November 26, 2025 22:23