Remove experimental status from DockerfileComponentDetector and update documentation

jpinz · jpinz · commit 40cd60a48e06 · 2026-06-05T12:22:03.000-04:00
diff --git a/docs/detectors/dockerfile.md b/docs/detectors/dockerfile.md
@@ -6,8 +6,6 @@ Dockerfile detection depends on the following to successfully run:
 
 - One or more Dockerfile files matching the patterns: `dockerfile`, `dockerfile.*`, or `*.dockerfile`
 
-The `DockerfileComponentDetector` is an **Experimental** detector. It runs automatically during scans, but its output is not included in the final scan results. To include its output, pass `--DetectorArgs DockerReference=Enable` (the key is the detector Id `DockerReference`, not the class name).
-
 ## Detection strategy
 
 The Dockerfile detector parses Dockerfile syntax to extract Docker image references from `FROM` and `COPY --from` instructions. It uses the [Valleysoft.DockerfileModel](https://github.com/mthalman/DockerfileModel) library to parse Dockerfile syntax.
@@ -32,7 +30,6 @@ The detector supports the full Docker reference grammar via `DockerReferenceUtil
 
 ## Known limitations
 
-- **Experimental Status**: This detector runs automatically but its output is not included in scan results by default. To opt in, pass `--DetectorArgs DockerReference=Enable`
 - **Variable Resolution**: Image references containing unresolved Dockerfile `ARG` or `ENV` variables are not reported, which may lead to under-reporting in Dockerfiles that heavily use build-time variables
 - **No Version Pinning Validation**: The detector does not warn about unpinned image versions (e.g., `latest` tags), which are generally discouraged in production Dockerfiles
 - **Untagged Images Skipped**: Image references with neither a tag nor a digest (e.g. `FROM nginx`) are skipped because they cannot be uniquely identified
diff --git a/src/Microsoft.ComponentDetection.Detectors/dockerfile/DockerfileComponentDetector.cs b/src/Microsoft.ComponentDetection.Detectors/dockerfile/DockerfileComponentDetector.cs
@@ -12,7 +12,7 @@ namespace Microsoft.ComponentDetection.Detectors.Dockerfile;
 using Microsoft.Extensions.Logging;
 using Valleysoft.DockerfileModel;
 
-public class DockerfileComponentDetector : FileComponentDetector, IExperimentalDetector
+public class DockerfileComponentDetector : FileComponentDetector
 {
     private readonly ICommandLineInvocationService commandLineInvocationService;
     private readonly IEnvironmentVariableService envVarService;

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ namespace Microsoft.ComponentDetection.Detectors.Dockerfile;`
`12`	`12`	`using Microsoft.Extensions.Logging;`
`13`	`13`	`using Valleysoft.DockerfileModel;`
`14`	`14`
`15`		`-public class DockerfileComponentDetector : FileComponentDetector, IExperimentalDetector`
	`15`	`+public class DockerfileComponentDetector : FileComponentDetector`
`16`	`16`	`{`
`17`	`17`	`private readonly ICommandLineInvocationService commandLineInvocationService;`
`18`	`18`	`private readonly IEnvironmentVariableService envVarService;`