stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat: Implement distro-native version comparison for RPM, Debian, and Alpine packages

Browse Source 
- Add RpmVersionComparer for RPM version comparison with epoch, version, and release handling.
- Introduce DebianVersion for parsing Debian EVR (Epoch:Version-Release) strings.
- Create ApkVersion for parsing Alpine APK version strings with suffix support.
- Define IVersionComparator interface for version comparison with proof-line generation.
- Implement VersionComparisonResult struct to encapsulate comparison results and proof lines.
- Add tests for Debian and RPM version comparers to ensure correct functionality and edge case handling.
- Create project files for the version comparison library and its tests.
This commit is contained in:
StellaOps Bot
2025-12-22 09:49:38 +02:00
parent aff0ceb2fe
commit 634233dfed
112 changed files with 31925 additions and 1813 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
docs/implplan/SPRINT_4600_SUMMARY.md Normal file
View File

@@ -0,0 +1,57 @@
# SPRINT_4600 SUMMARY: SBOM Lineage & BYOS Ingestion
## Program Overview
| Field | Value |
|-------|-------|
| **Program ID** | 4600 |
| **Theme** | SBOM Operations: Historical Tracking, Lineage, and Ingestion |
| **Priority** | P2 (Medium) |
| **Total Effort** | ~5 weeks |
| **Advisory Source** | 19-Dec-2025 - Stella Ops candidate features mapped to moat strength |
---
## Strategic Context
SBOM storage is becoming table stakes. Differentiation comes from:
1. **Lineage ledger** — Historical tracking with semantic diff
2. **BYOS ingestion** — Accept external SBOMs into the analysis pipeline
---
## Sprint Breakdown
| Sprint ID | Title | Effort | Moat |
|-----------|-------|--------|------|
| 4600_0001_0001 | SBOM Lineage Ledger | 3 weeks | 3 |
| 4600_0001_0002 | BYOS Ingestion Workflow | 2 weeks | 3 |
---
## Dependencies
- **Requires**: SbomService (exists)
- **Requires**: Graph module (exists)
- **Requires**: SPRINT_4600_0001_0001 for BYOS
---
## Outcomes
1. SBOM versions are chained by artifact identity
2. Historical queries and diffs are available
3. External SBOMs can be uploaded and analyzed
4. Lineage relationships are queryable
---
## Moat Strategy
> "Make the ledger valuable via **semantic diff, evidence joins, and provenance** rather than storage."
---
**Sprint Series Status:** TODO
**Created:** 2025-12-22