Add component detectors for Docker Compose, Helm, and Kubernetes #1759

Closed
jpinz wants to merge 63 commits into main from jupinzer/add_container_detectors

@jpinz jpinz commented Apr 2, 2026

This pull request adds new detectors for Docker Compose, Helm, and Kubernetes YAML files, enabling the system to automatically discover and register Docker image references found in these types of configuration files. It also updates the service registration and the DetectorClass enum to support these new detectors.

It also adds tests for the new detectors plus the Dockerfile one.

Image references containing unresolved variable placeholders (e.g., ${REGISTRY}/app:${TAG}, {{ .Values.image.tag }}) are silently skipped in all four Docker-related detectors (DockerCompose, Helm, Kubernetes, and Dockerfile) to avoid noisy warnings for otherwise-valid real-world manifests. A shared DockerReferenceUtility.HasUnresolvedVariables helper was added to Microsoft.ComponentDetection.Common to consolidate this logic, and all detectors—including the existing DockerfileComponentDetector—now use it.

The Helm detector uses the combination of a Chart.yaml/Chart.yml file and a *values*.(yaml|yml) file in the same directory to identify Helm charts. Values files found without a co-located Chart file are skipped, avoiding false positives from unrelated values.yaml files in non-Helm projects.

A bug in DetectorRestrictionService was also fixed: when both AllowedDetectorIds and AllowedDetectorCategories are specified, DefaultOff detectors introduced via category expansion are now also constrained by the ID allow-list, producing an intersection rather than an unintended union.

New Detector Checklist

  • Component type defined (if new ecosystem) in ComponentType.cs and DetectorClass.cs
  • Component class created in TypedComponent/ folder with proper validation
  • Detector class created inheriting from FileComponentDetector and implementing IDefaultOffComponentDetector
  • Detector registered in ServiceCollectionExtensions.cs
  • Constructor properly injects required services
  • SearchPatterns defined for file discovery
  • OnFileFoundAsync() implemented with component registration logic
  • Unit tests created in Detectors.Tests/ using DetectorTestUtilityBuilder
  • Verification test resources added to VerificationTests/resources/
  • Detector tested locally with --DetectorArgs YourDetectorId=EnableIfDefaultOff
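
The two filters the description relies on (chart co-location for values files, and skipping templated image references), sketched as an added C# example; it is not the pull request's code, every type and method name in it is hypothetical, and the placeholder syntaxes it recognises are an assumption. It targets .NET 6 or later and uses constructed sample paths and references.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text.RegularExpressions;

// Added illustration, not code from the pull request. Every name here is hypothetical.
public static class HelmImageTriage
{
    // Assumed placeholder syntaxes: ${VAR} / ${VAR:-default}, bare $VAR, and Helm/Go {{ ... }}.
    private static readonly Regex Placeholder = new Regex(
        @"\$\{[^}]*\}|\$[A-Za-z_][A-Za-z0-9_]*|\{\{.*?\}\}",
        RegexOptions.CultureInvariant);

    public static bool LooksTemplated(string reference) => Placeholder.IsMatch(reference);

    private static string FileName(string path) => Path.GetFileName(path);

    private static string Dir(string path) => Path.GetDirectoryName(path) ?? string.Empty;

    // Case-insensitive matching of the chart file name is an assumption of this sketch.
    private static bool IsChartFile(string path) =>
        FileName(path).Equals("Chart.yaml", StringComparison.OrdinalIgnoreCase) ||
        FileName(path).Equals("Chart.yml", StringComparison.OrdinalIgnoreCase);

    // Mirrors the *values*.(yaml|yml) pattern from the description.
    private static bool IsValuesFile(string path)
    {
        var name = FileName(path);
        return name.Contains("values", StringComparison.OrdinalIgnoreCase) &&
               (name.EndsWith(".yaml", StringComparison.OrdinalIgnoreCase) ||
                name.EndsWith(".yml", StringComparison.OrdinalIgnoreCase));
    }

    // Keep only values files whose own directory also holds a chart file.
    public static List<string> ValuesFilesInCharts(IEnumerable<string> paths)
    {
        var all = paths.ToList();
        var chartDirs = new HashSet<string>(all.Where(IsChartFile).Select(Dir), StringComparer.Ordinal);
        return all.Where(p => IsValuesFile(p) && chartDirs.Contains(Dir(p))).ToList();
    }

    // Split references into those that can be registered and those skipped as templated,
    // returning the skipped ones instead of discarding them so the gap can be reported.
    public static (List<string> Registered, List<string> Skipped) Triage(IEnumerable<string> references)
    {
        var registered = new List<string>();
        var skipped = new List<string>();
        foreach (var r in references.Where(r => !string.IsNullOrWhiteSpace(r)))
        {
            (LooksTemplated(r) ? skipped : registered).Add(r.Trim());
        }

        return (registered, skipped);
    }

    public static void Main()
    {
        // Constructed sample tree.
        var files = new[]
        {
            "repo/charts/web/Chart.yaml",
            "repo/charts/web/values.yaml",
            "repo/charts/web/values-prod.yml",
            "repo/config/values.yaml",               // no chart file beside it
            "repo/charts/api/Chart.yml",
            "repo/charts/api/templates/values.yaml", // chart file is one level up, not co-located
        };

        Console.WriteLine("Values files treated as Helm:");
        foreach (var f in ValuesFilesInCharts(files))
        {
            Console.WriteLine("  " + f);
        }

        // Constructed sample image references.
        var refs = new[]
        {
            "nginx:1.21",
            "${REGISTRY}/app:${TAG}",
            "ghcr.io/example/api:{{ .Values.image.tag }}",
            "redis:7.2",
            "$BASE_IMAGE",
        };

        var (registered, skipped) = Triage(refs);
        Console.WriteLine($"Registered ({registered.Count}): {string.Join(", ", registered)}");
        Console.WriteLine($"Skipped as templated ({skipped.Count}): {string.Join(", ", skipped)}");
    }
}
```

The skipped list is the part to surface in a scan summary: those images are deployed once the variables resolve, yet they never reach the component inventory.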

@jpinz jpinz self-assigned this Apr 2, 2026
Copilot AI review requested due to automatic review settings April 2, 2026 21:44

github-actions Bot commented Apr 2, 2026

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

  • The detector detects more or fewer components than before
  • The detector generates different parent/child graph relationships than before
  • The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

Copilot AI left a comment

Pull request overview

Adds new YAML-based detectors to Component Detection so Docker image references can be discovered from Docker Compose, Helm values, and Kubernetes manifests, plus updates orchestration wiring and expands detector test coverage.

Changes:

  • Introduce new DockerCompose, Helm, and Kubernetes detectors that parse YAML and register DockerReferenceComponent usages.
  • Register the new detectors in Orchestrator DI and extend DetectorClass with new categories.
  • Add MSTest coverage for the new detectors and add/expand tests for the existing Dockerfile detector.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.

File Description
test/Microsoft.ComponentDetection.Detectors.Tests/KubernetesComponentDetectorTests.cs Adds unit tests for K8s YAML image extraction and non-K8s YAML ignoring behavior.
test/Microsoft.ComponentDetection.Detectors.Tests/HelmComponentDetectorTests.cs Adds unit tests for Helm values.yaml image patterns (scalar, structured, digest, sequences).
test/Microsoft.ComponentDetection.Detectors.Tests/DockerfileComponentDetectorTests.cs Adds Dockerfile detector tests for FROM, multi-stage, digests, COPY --from, and file patterns.
test/Microsoft.ComponentDetection.Detectors.Tests/DockerComposeComponentDetectorTests.cs Adds tests for Compose service images, overrides, digests, and build-only services.
src/Microsoft.ComponentDetection.Orchestrator/Extensions/ServiceCollectionExtensions.cs Registers the three new detectors with DI so they can be executed by the orchestrator.
src/Microsoft.ComponentDetection.Detectors/kubernetes/KubernetesComponentDetector.cs New detector implementation for parsing Kubernetes manifests and extracting container images.
src/Microsoft.ComponentDetection.Detectors/helm/HelmComponentDetector.cs New detector implementation for parsing Helm values.yaml and extracting image references.
src/Microsoft.ComponentDetection.Detectors/dockercompose/DockerComposeComponentDetector.cs New detector implementation for parsing Compose YAML and extracting service image: references.
src/Microsoft.ComponentDetection.Contracts/DetectorClass.cs Adds new detector classes/categories for Docker Compose, Helm, and Kubernetes.
Comments suppressed due to low confidence (5)

src/Microsoft.ComponentDetection.Detectors/kubernetes/KubernetesComponentDetector.cs:104

  • This file is compiled with nullable reference types enabled, but apiVersion/kind are declared as non-nullable string and initialized to null, which will fail the build with warnings-as-errors. Make these string? (and similarly update any other locals/returns that can be null).

    private bool IsKubernetesManifest(YamlMappingNode rootMapping)
    {
        string apiVersion = null;
        string kind = null;

        foreach (var entry in rootMapping.Children)
        {
            var key = (entry.Key as YamlScalarNode)?.Value;
            if (string.Equals(key, "apiVersion", StringComparison.OrdinalIgnoreCase))
            {
                apiVersion = (entry.Value as YamlScalarNode)?.Value;
            }
            else if (string.Equals(key, "kind", StringComparison.OrdinalIgnoreCase))
            {
                kind = (entry.Value as YamlScalarNode)?.Value;
            }

src/Microsoft.ComponentDetection.Detectors/kubernetes/KubernetesComponentDetector.cs:217

  • GetMappingChild returns null when the key isn't present, but the return type is non-nullable YamlMappingNode. With nullable enabled + warnings-as-errors this will fail compilation. Change the return type to YamlMappingNode? (and update call sites accordingly).

    private static YamlMappingNode GetMappingChild(YamlMappingNode parent, string key)
    {
        foreach (var entry in parent.Children)
        {
            if (entry.Key is YamlScalarNode scalarKey && string.Equals(scalarKey.Value, key, StringComparison.OrdinalIgnoreCase))
            {
                return entry.Value as YamlMappingNode;
            }
        }

        return null;

src/Microsoft.ComponentDetection.Detectors/kubernetes/KubernetesComponentDetector.cs:230

  • GetSequenceChild returns null when the key isn't present, but the return type is non-nullable YamlSequenceNode. With nullable enabled + warnings-as-errors this will fail compilation. Change the return type to YamlSequenceNode? (and update call sites accordingly).

    private static YamlSequenceNode GetSequenceChild(YamlMappingNode parent, string key)
    {
        foreach (var entry in parent.Children)
        {
            if (entry.Key is YamlScalarNode scalarKey && string.Equals(scalarKey.Value, key, StringComparison.OrdinalIgnoreCase))
            {
                return entry.Value as YamlSequenceNode;
            }
        }

        return null;

src/Microsoft.ComponentDetection.Detectors/helm/HelmComponentDetector.cs:135

  • This method initializes non-nullable string locals (repository, tag, digest, registry) to null. With nullable enabled + TreatWarningsAsErrors, this will fail the build. Use string? for these locals (and keep the subsequent null/whitespace checks).

    private void TryRegisterStructuredImageReference(YamlMappingNode imageMapping, ISingleFileComponentRecorder recorder, string fileLocation)
    {
        string repository = null;
        string tag = null;
        string digest = null;
        string registry = null;

src/Microsoft.ComponentDetection.Detectors/dockercompose/DockerComposeComponentDetector.cs:137

  • GetMappingChild returns null when the key isn't present, but the return type is non-nullable YamlMappingNode. With nullable enabled + warnings-as-errors this will fail compilation. Change the return type to YamlMappingNode? and update call sites accordingly.

    private static YamlMappingNode GetMappingChild(YamlMappingNode parent, string key)
    {
        foreach (var entry in parent.Children)
        {
            if (entry.Key is YamlScalarNode scalarKey && string.Equals(scalarKey.Value, key, StringComparison.OrdinalIgnoreCase))
            {
                return entry.Value as YamlMappingNode;
            }
        }

        return null;

Comment thread src/Microsoft.ComponentDetection.Detectors/helm/HelmComponentDetector.cs Outdated
Comment thread src/Microsoft.ComponentDetection.Contracts/DetectorClass.cs
Copilot AI review requested due to automatic review settings April 3, 2026 15:54
Copilot AI left a comment

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.

Comment thread src/Microsoft.ComponentDetection.Detectors/helm/HelmComponentDetector.cs Outdated
Copilot AI review requested due to automatic review settings April 3, 2026 16:13
Copilot AI left a comment

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

Comments suppressed due to low confidence (1)

src/Microsoft.ComponentDetection.Detectors/kubernetes/KubernetesComponentDetector.cs:86

  • The exception handler logs "Skipping non-Kubernetes YAML file" for any exception, but exceptions here primarily represent YAML parse/processing failures (a file can be a Kubernetes manifest but malformed). Consider adjusting the message to reflect parse errors (or splitting try/catch so non-Kubernetes vs parse-failure are distinguished) to avoid misleading diagnostics.
        catch (Exception e)
        {
            // Not all YAML files are Kubernetes manifests; silently skip parse errors
            this.Logger.LogDebug(e, "Skipping non-Kubernetes YAML file: {Location}", file.Location);
        }

Comment thread src/Microsoft.ComponentDetection.Contracts/DetectorClass.cs
Copilot AI review requested due to automatic review settings April 3, 2026 16:40
@jpinz jpinz marked this pull request as ready for review April 3, 2026 16:41
@jpinz jpinz requested a review from a team as a code owner April 3, 2026 16:41
@jpinz jpinz requested a review from edgarrs April 3, 2026 16:41
Copilot AI left a comment

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.

Comment thread src/Microsoft.ComponentDetection.Detectors/helm/HelmComponentDetector.cs Outdated
Copilot AI review requested due to automatic review settings April 16, 2026 17:36
Copilot AI left a comment

Pull request overview

This PR extends Component Detection’s Docker image reference scanning by adding DefaultOff detectors for Docker Compose, Helm values, and Kubernetes manifests, plus consolidates “skip unresolved template variables” behavior into a shared Docker reference helper. It also wires the new detectors into DI, updates detector taxonomy, and adds unit + verification resources and workflow/script updates to exercise the new detectors.

Changes:

  • Added new detectors: DockerComposeComponentDetector, HelmComponentDetector, KubernetesComponentDetector to discover Docker image references in YAML-based config formats.
  • Introduced DockerReferenceUtility.HasUnresolvedVariables / TryParseImageReference / TryRegisterImageReference and updated Dockerfile detector to use the shared logic.
  • Added unit tests + verification resources and enabled the new detectors in verification scripts/workflows; updated DetectorClass and DI registration.

File Description
src/Microsoft.ComponentDetection.Detectors/dockercompose/DockerComposeComponentDetector.cs New Docker Compose detector parsing compose YAML and registering image references.
src/Microsoft.ComponentDetection.Detectors/helm/HelmComponentDetector.cs New Helm detector that filters to values files co-located with a chart file and extracts image references.
src/Microsoft.ComponentDetection.Detectors/kubernetes/KubernetesComponentDetector.cs New Kubernetes detector that pre-filters YAML then parses manifests to extract container image references.
src/Microsoft.ComponentDetection.Common/DockerReference/DockerReferenceUtility.cs Adds shared “unresolved variable” detection and safe parse/register helpers used by Docker-related detectors.
src/Microsoft.ComponentDetection.Detectors/dockerfile/DockerfileComponentDetector.cs Updates Dockerfile parsing to use shared Docker reference parsing + unresolved-variable skipping.
src/Microsoft.ComponentDetection.Orchestrator/Extensions/ServiceCollectionExtensions.cs Registers the new detectors in DI.
src/Microsoft.ComponentDetection.Contracts/DetectorClass.cs Adds DockerCompose, Helm, Kubernetes detector classes.
test/Microsoft.ComponentDetection.Detectors.Tests/DockerComposeComponentDetectorTests.cs Unit tests for Docker Compose detection scenarios (tags/digests/overrides/variable skipping).
test/Microsoft.ComponentDetection.Detectors.Tests/HelmComponentDetectorTests.cs Unit tests for Helm values parsing (structured/direct refs, co-location behavior, variable skipping).
test/Microsoft.ComponentDetection.Detectors.Tests/KubernetesComponentDetectorTests.cs Unit tests for Kubernetes workload kinds + variable skipping and non-K8s YAML rejection.
test/Microsoft.ComponentDetection.Detectors.Tests/DockerfileComponentDetectorTests.cs Adds/updates Dockerfile tests including variable skipping, digests, stages.
docs/detectors/dockercompose.md Documentation for Docker Compose detector behavior and limitations.
docs/detectors/helm.md Documentation for Helm detector behavior and limitations.
docs/detectors/kubernetes.md Documentation for Kubernetes detector behavior and limitations.
docs/detectors/README.md Adds detector entries/links for the new docs.
test/Microsoft.ComponentDetection.VerificationTests/resources/dockercompose/docker-compose.yml Verification resource for Docker Compose detection.
test/Microsoft.ComponentDetection.VerificationTests/resources/dockercompose/docker-compose.override.yml Verification resource for Docker Compose override detection.
test/Microsoft.ComponentDetection.VerificationTests/resources/helm/Chart.yaml Verification resource to mark Helm chart root.
test/Microsoft.ComponentDetection.VerificationTests/resources/helm/values.yaml Verification resource for Helm values image extraction.
test/Microsoft.ComponentDetection.VerificationTests/resources/kubernetes/deployment.yaml Verification resource for Kubernetes detection (multiple images, digests).
test/Microsoft.ComponentDetection.VerificationTests/resources/kubernetes/statefulset.yaml Verification resource for Kubernetes detection (statefulset image).
test/Microsoft.ComponentDetection.VerificationTests/resources/kubernetes/cronjob.yaml Verification resource for Kubernetes detection (cronjob image).
test/Microsoft.ComponentDetection.VerificationTests/resources/VerificationTest.ps1 Enables new detectors in local verification test script.
.github/workflows/snapshot-verify.yml Enables new detectors during snapshot verification scans.
.github/workflows/snapshot-publish.yml Enables new detectors during snapshot publish scans.
.gitignore Ignores .nuget/.

Copilot's findings

  • Files reviewed: 25/26 changed files
  • Comments generated: 3

Copilot AI review requested due to automatic review settings April 16, 2026 18:29
Copilot AI left a comment

Pull request overview

Adds new Docker-image–focused detectors (Docker Compose, Helm values, Kubernetes manifests) to Component Detection, plus shared parsing/skip logic for variable-interpolated image references and accompanying docs/tests/resources.

Changes:

  • Introduce DockerComposeComponentDetector, HelmComponentDetector, and KubernetesComponentDetector to detect Docker image references in YAML-based configs.
  • Add DockerReferenceUtility.HasUnresolvedVariables + TryParseImageReference/TryRegisterImageReference and update Dockerfile detector to use the shared logic.
  • Expand DetectorClass, wire detectors into DI, and add unit + verification-test resources and workflow enablement for snapshot runs.

File Description
test/Microsoft.ComponentDetection.VerificationTests/resources/kubernetes/statefulset.yaml Adds Kubernetes sample manifest with an image reference for verification tests.
test/Microsoft.ComponentDetection.VerificationTests/resources/kubernetes/deployment.yaml Adds Kubernetes deployment samples covering tags and digests.
test/Microsoft.ComponentDetection.VerificationTests/resources/kubernetes/cronjob.yaml Adds Kubernetes CronJob sample manifest for verification tests.
test/Microsoft.ComponentDetection.VerificationTests/resources/helm/values.yaml Adds Helm values sample with multiple image specification patterns for verification tests.
test/Microsoft.ComponentDetection.VerificationTests/resources/helm/Chart.yaml Adds Helm chart marker file for co-location verification tests.
test/Microsoft.ComponentDetection.VerificationTests/resources/dockercompose/docker-compose.yml Adds Docker Compose sample file for verification tests.
test/Microsoft.ComponentDetection.VerificationTests/resources/dockercompose/docker-compose.override.yml Adds Compose override sample for verification tests.
test/Microsoft.ComponentDetection.Detectors.Tests/KubernetesComponentDetectorTests.cs Adds unit tests for Kubernetes detector image extraction and filtering behavior.
test/Microsoft.ComponentDetection.Detectors.Tests/HelmComponentDetectorTests.cs Adds unit tests for Helm values parsing and chart co-location behavior.
test/Microsoft.ComponentDetection.Detectors.Tests/DockerfileComponentDetectorTests.cs Adds/updates Dockerfile detector tests, including variable-interpolation skipping.
test/Microsoft.ComponentDetection.Detectors.Tests/DockerComposeComponentDetectorTests.cs Adds unit tests for Docker Compose detector image extraction and skipping.
src/Microsoft.ComponentDetection.Orchestrator/Extensions/ServiceCollectionExtensions.cs Registers new detectors in orchestrator DI container.
src/Microsoft.ComponentDetection.Detectors/kubernetes/KubernetesComponentDetector.cs Implements Kubernetes YAML parsing and image extraction logic.
src/Microsoft.ComponentDetection.Detectors/helm/HelmComponentDetector.cs Implements Helm values parsing with chart co-location pre-filtering.
src/Microsoft.ComponentDetection.Detectors/dockerfile/DockerfileComponentDetector.cs Switches Dockerfile detector to shared image parsing + variable-skip helpers and nullable enablement.
src/Microsoft.ComponentDetection.Detectors/dockercompose/DockerComposeComponentDetector.cs Implements Docker Compose YAML parsing and image extraction logic.
src/Microsoft.ComponentDetection.Contracts/DetectorClass.cs Adds detector categories for DockerCompose/Helm/Kubernetes.
src/Microsoft.ComponentDetection.Common/DockerReference/DockerReferenceUtility.cs Adds shared unresolved-variable detection and safe parse/register helpers.
docs/detectors/kubernetes.md Documents Kubernetes detector behavior, patterns, and limitations.
docs/detectors/helm.md Documents Helm detector behavior, patterns, and limitations.
docs/detectors/dockercompose.md Documents Docker Compose detector behavior, patterns, and limitations.
docs/detectors/README.md Adds the new detectors to detector documentation index.
.gitignore Ignores local .nuget/ folder.
.github/workflows/snapshot-verify.yml Enables new DefaultOff detectors during snapshot verification scans.
.github/workflows/snapshot-publish.yml Enables new DefaultOff detectors during snapshot publish scans.

Copilot's findings

Comments suppressed due to low confidence (1)

src/Microsoft.ComponentDetection.Detectors/kubernetes/KubernetesComponentDetector.cs:18

  • This detector is described (in docs/workflows/PR description) as DefaultOff, but the class does not implement IDefaultOffComponentDetector. As written, it will run by default and scan all *.yml/*.yaml files, which is a significant behavioral/perf change. Implement IDefaultOffComponentDetector (or update the docs/registration if it is intended to be on by default).
    public class KubernetesComponentDetector : FileComponentDetector
    {

  • Files reviewed: 24/25 changed files
  • Comments generated: 1

Copilot AI review requested due to automatic review settings April 16, 2026 20:05
Copilot AI left a comment

Pull request overview

Adds DefaultOff detectors that scan Docker-related configuration formats (Docker Compose, Helm values, Kubernetes manifests) to discover Docker image references and register them as DockerReference components, plus shared utility improvements and accompanying tests/docs.

Changes:

  • Added new DefaultOff detectors: DockerComposeComponentDetector, HelmComponentDetector, KubernetesComponentDetector.
  • Added shared helper APIs in DockerReferenceUtility to skip unresolved-variable image references and to safely parse/register references.
  • Added/updated unit tests, verification resources, docs, DI registration, and extended DetectorClass.

File Description
test/Microsoft.ComponentDetection.VerificationTests/resources/kubernetes/statefulset.yaml Adds Kubernetes manifest sample for verification tests (image extraction).
test/Microsoft.ComponentDetection.VerificationTests/resources/kubernetes/deployment.yaml Adds Kubernetes deployment sample covering multiple image reference forms.
test/Microsoft.ComponentDetection.VerificationTests/resources/kubernetes/cronjob.yaml Adds Kubernetes CronJob sample for verification tests.
test/Microsoft.ComponentDetection.VerificationTests/resources/helm/values.yaml Adds Helm values sample with multiple image patterns for verification tests.
test/Microsoft.ComponentDetection.VerificationTests/resources/helm/Chart.yaml Adds minimal Helm chart metadata to qualify the values file as Helm.
test/Microsoft.ComponentDetection.VerificationTests/resources/dockercompose/docker-compose.yml Adds docker-compose sample for verification tests (multiple services/images).
test/Microsoft.ComponentDetection.VerificationTests/resources/dockercompose/docker-compose.override.yml Adds compose override sample for verification tests.
test/Microsoft.ComponentDetection.Detectors.Tests/KubernetesComponentDetectorTests.cs Unit tests for Kubernetes image extraction + skipping unresolved variables.
test/Microsoft.ComponentDetection.Detectors.Tests/HelmComponentDetectorTests.cs Unit tests for Helm values parsing + chart co-location filtering.
test/Microsoft.ComponentDetection.Detectors.Tests/DockerfileComponentDetectorTests.cs Adds/updates tests for Dockerfile parsing and unresolved-variable skipping.
test/Microsoft.ComponentDetection.Detectors.Tests/DockerComposeComponentDetectorTests.cs Unit tests for Docker Compose parsing and unresolved-variable skipping.
src/Microsoft.ComponentDetection.Orchestrator/Extensions/ServiceCollectionExtensions.cs Registers the new detectors in DI.
src/Microsoft.ComponentDetection.Detectors/kubernetes/KubernetesComponentDetector.cs New Kubernetes YAML detector with fast pre-filter + YAML parsing for image: fields.
src/Microsoft.ComponentDetection.Detectors/helm/HelmComponentDetector.cs New Helm detector that filters values files to chart directories and walks YAML for image keys.
src/Microsoft.ComponentDetection.Detectors/dockerfile/DockerfileComponentDetector.cs Updates Dockerfile detector to use shared “try-parse / skip unresolved variables” logic.
src/Microsoft.ComponentDetection.Detectors/dockercompose/DockerComposeComponentDetector.cs New Docker Compose detector that extracts service image references.
src/Microsoft.ComponentDetection.Contracts/DetectorClass.cs Adds enum entries for DockerCompose/Helm/Kubernetes categories.
src/Microsoft.ComponentDetection.Common/DockerReference/DockerReferenceUtility.cs Adds shared unresolved-variable detection and safe parse/register helpers.
docs/detectors/kubernetes.md New Kubernetes detector documentation.
docs/detectors/helm.md New Helm detector documentation.
docs/detectors/dockercompose.md New Docker Compose detector documentation.
docs/detectors/README.md Links new detector docs and status tables.
.gitignore Ignores .nuget/ directory.

Copilot's findings

Comments suppressed due to low confidence (1)

src/Microsoft.ComponentDetection.Detectors/helm/HelmComponentDetector.cs:56

  • processRequests.ToList() returns an IObservable<IList<ProcessRequest>> (Rx), so await processRequests.ToList() won’t compile. Use the Rx ToTask(cancellationToken) pattern (as in other detectors) to materialize the observable, and add the needed System.Reactive.Threading.Tasks import.
    protected override async Task<IObservable<ProcessRequest>> OnPrepareDetectionAsync(
        IObservable<ProcessRequest> processRequests,
        IDictionary<string, string> detectorArgs,
        CancellationToken cancellationToken = default)
    {
        var allRequests = await processRequests.ToList();

        var chartDirectories = new HashSet<string>(

  • Files reviewed: 22/23 changed files
  • Comments generated: 2

jpinz and others added 2 commits April 16, 2026 20:19
Clarify supported chart metadata file names for Helm detection.
Copilot AI review requested due to automatic review settings April 16, 2026 20:25
Copilot AI left a comment

Pull request overview

This PR adds new DefaultOff detectors to discover Docker image references in Docker Compose, Helm values, and Kubernetes manifests, and centralizes “skip unresolved variable placeholders” handling across Docker-related detectors.

Changes:

  • Added DockerComposeComponentDetector, HelmComponentDetector, and KubernetesComponentDetector, and registered them in the orchestrator.
  • Introduced DockerReferenceUtility.HasUnresolvedVariables / TryParseImageReference / TryRegisterImageReference, and updated the Dockerfile detector to use the shared logic.
  • Added/updated unit tests, verification resources, and detector documentation pages.

File Description
src/Microsoft.ComponentDetection.Orchestrator/Extensions/ServiceCollectionExtensions.cs Registers the new detectors in DI.
src/Microsoft.ComponentDetection.Detectors/dockercompose/DockerComposeComponentDetector.cs New detector for extracting services.*.image from compose YAML.
src/Microsoft.ComponentDetection.Detectors/helm/HelmComponentDetector.cs New detector for Helm chart values image extraction with chart co-location filtering.
src/Microsoft.ComponentDetection.Detectors/kubernetes/KubernetesComponentDetector.cs New detector for extracting container images from supported Kubernetes workload kinds.
src/Microsoft.ComponentDetection.Detectors/dockerfile/DockerfileComponentDetector.cs Refactors parsing to use shared Docker reference parsing/variable-skipping helpers.
src/Microsoft.ComponentDetection.Common/DockerReference/DockerReferenceUtility.cs Adds shared unresolved-variable detection and safe parse/register helpers.
src/Microsoft.ComponentDetection.Contracts/DetectorClass.cs Extends DetectorClass with DockerCompose/Helm/Kubernetes.
test/Microsoft.ComponentDetection.Detectors.Tests/DockerComposeComponentDetectorTests.cs New unit tests for docker-compose detection behavior.
test/Microsoft.ComponentDetection.Detectors.Tests/HelmComponentDetectorTests.cs New unit tests for Helm values detection behavior and co-location logic.
test/Microsoft.ComponentDetection.Detectors.Tests/KubernetesComponentDetectorTests.cs New unit tests for Kubernetes manifest detection and image extraction.
test/Microsoft.ComponentDetection.Detectors.Tests/DockerfileComponentDetectorTests.cs Adds/updates tests for Dockerfile detector behavior (including unresolved variables).
test/Microsoft.ComponentDetection.VerificationTests/resources/dockercompose/docker-compose.yml Verification resource for compose detection.
test/Microsoft.ComponentDetection.VerificationTests/resources/dockercompose/docker-compose.override.yml Verification resource for compose override detection.
test/Microsoft.ComponentDetection.VerificationTests/resources/helm/Chart.yaml Verification resource for Helm chart co-location.
test/Microsoft.ComponentDetection.VerificationTests/resources/helm/values.yaml Verification resource for Helm values image discovery.
test/Microsoft.ComponentDetection.VerificationTests/resources/kubernetes/deployment.yaml Verification resource for Kubernetes workloads and image formats.
test/Microsoft.ComponentDetection.VerificationTests/resources/kubernetes/statefulset.yaml Verification resource for Kubernetes statefulset image discovery.
test/Microsoft.ComponentDetection.VerificationTests/resources/kubernetes/cronjob.yaml Verification resource for Kubernetes cronjob image discovery.
docs/detectors/dockercompose.md New detector documentation page.
docs/detectors/helm.md New detector documentation page.
docs/detectors/kubernetes.md New detector documentation page.
docs/detectors/README.md Adds the new detectors to the detector docs index.
.gitignore Ignores local .nuget/ folder.

Copilot's findings

  • Files reviewed: 22/23 changed files
  • Comments generated: 2

Comment on lines +32 to +36
public override IList<string> SearchPatterns { get; } =
[
"Chart.yaml", "Chart.yml",
"*values*.yaml", "*values*.yml",
];
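
Review bot: the "*values*.yaml" and "*values*.yml" globs on line 35 match any file whose name contains "values", so the pattern by itself does not separate Helm values files from unrelated YAML. Add a comment beside SearchPatterns pointing to the Chart.yaml / Chart.yml co-location check that does the real filtering, so a later refactor does not drop that check and start registering images from non-Helm files.
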
Copilot AI Apr 16, 2026

SearchPatterns/IsChartFile treat Chart.yml as a valid chart indicator, but the unit tests only cover Chart.yml without a values file (expecting no components). Add a test that verifies a co-located Chart.yml + values file is actually processed (or drop Chart.yml support if it’s not intended).

Comment on lines +115 to +132
private void ExtractImageReferencesFromValues(YamlStream yaml, ISingleFileComponentRecorder recorder, string fileLocation)
{
foreach (var document in yaml.Documents)
{
if (document.RootNode is YamlMappingNode rootMapping)
{
this.WalkYamlForImages(rootMapping, recorder, fileLocation);
}
}
}

/// <summary>
/// Walks the YAML tree looking for image references. Handles two common patterns:
/// 1. Direct image string: `image: nginx:1.21`
/// 2. Structured image object: `image: { repository: nginx, tag: "1.21" }`.
/// </summary>
private void WalkYamlForImages(YamlMappingNode mapping, ISingleFileComponentRecorder recorder, string fileLocation)
{
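
Review bot: in ExtractImageReferencesFromValues (lines 117 to 123) a document whose RootNode is not a YamlMappingNode is dropped with no log entry, so a values file that was never walked looks the same as one that simply contained no images. Add an else branch that logs the skip at debug level. The doc comment on WalkYamlForImages (lines 126 to 130) also marks its examples with Markdown backticks, which XML documentation comments do not render; <c>...</c> is the usual form.
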
Copilot AI Apr 16, 2026

fileLocation is threaded through ExtractImageReferencesFromValues/WalkYamlForImages but never used. Consider removing the parameter (and corresponding call-site arguments) or using it for logging/context to avoid dead parameters being propagated through the recursion.

@grvillic grvillic left a comment

There is no need to add all detectors in a single PR, break them up into separate PRs.


codecov Bot commented Apr 17, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.0%. Comparing base (52155a6) to head (930d0b2).
⚠️ Report is 2 commits behind head on main.
