semi implemented and features implemented save checkpoint

2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
--- a/docs/features/unchecked/scanner/derivative-distro-mapping-for-backport-detection.md
+++ b/docs/features/unchecked/scanner/derivative-distro-mapping-for-backport-detection.md
@@ -0,0 +1,32 @@
+# Derivative Distro Mapping for Backport Detection
+
+## Module
+Scanner
+
+## Status
+IMPLEMENTED
+
+## Description
+Cross-distro OVAL/CSAF mapping that enables fetching backport rules from derivative distros (RHEL->Alma/Rocky/CentOS, Ubuntu->LinuxMint/Pop!_OS, Debian->Ubuntu) with confidence penalty multipliers (0.95x for same-major, 0.80x for cross-family).
+
+## Implementation Details
+- **Pedigree & Backport Evidence**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Pedigree/FeedserPedigreeDataProvider.cs` - Provides pedigree data with cross-distro backport rules
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Pedigree/CycloneDxPedigreeMapper.cs` - Maps pedigree data including derivative distro mappings
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Pedigree/PatchInfoBuilder.cs` - Builds patch info with backport detection data
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Pedigree/PedigreeNotesGenerator.cs` - Generates pedigree notes with confidence levels
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Emit/Pedigree/IPedigreeDataProvider.cs` - Interface
+- **Version Comparison Evidence**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Models/VersionComparisonEvidence.cs` - Version comparison evidence for backport detection
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Models/DeltaSignatureEvidence.cs` - Delta signature evidence
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Models/EvidenceBundle.cs` - Evidence bundle model
+- **VEX Gate Integration**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Gate/VexGateService.cs` - VEX gate service considering backport status
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Gate/VexGatePolicyEvaluator.cs` - Policy evaluator with backport awareness
+
+## E2E Test Plan
+- [ ] Scan an AlmaLinux image and verify backport rules are fetched from RHEL OVAL data with 0.95x confidence
+- [ ] Scan a Linux Mint image and verify backport rules map from Ubuntu with appropriate confidence penalty
+- [ ] Verify cross-family mapping (e.g., Debian rules applied to Ubuntu) uses 0.80x confidence multiplier
+- [ ] Verify pedigree output includes derivative distro source attribution
+- [ ] Verify backport evidence reduces false positive vulnerability counts for patched packages