save checkpoint

docs/features/checked/scanner/ecosystem-specific-version-comparator-factory.md

@@ -0,0 +1,38 @@
+# Ecosystem-Specific Version Comparator Factory
+
+## Module
+Scanner
+
+## Status
+VERIFIED
+
+## Description
+Factory providing ecosystem-specific version comparison logic for accurate vulnerability matching across different package ecosystems.
+
+## Implementation Details
+- **Version Comparators**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.ServiceSecurity/Analyzers/ServiceVersionComparer.cs` - Service-level version comparison
+  - `src/Scanner/__Libraries/StellaOps.Scanner.ServiceSecurity/Analyzers/ServiceVulnerabilityMatcher.cs` - Matches vulnerabilities using ecosystem-aware version comparison
+- **Per-Language Conflict Detection**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Conflicts/VersionConflictDetector.cs` - Java version conflict detection
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/Internal/Conflicts/VersionConflictDetector.cs` - Python version conflict detection
+- **Evidence Models**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Models/VersionComparisonEvidence.cs` - Evidence model for version comparisons
+
+## E2E Test Plan
+- [ ] Scan an image with Java packages and verify Maven version semantics are used for vulnerability matching (e.g., `1.0.0-SNAPSHOT` vs `1.0.0`)
+- [ ] Scan an image with Python packages and verify PEP 440 version comparison is applied
+- [ ] Verify version conflict detection flags incompatible version ranges in dependencies
+- [ ] Verify ecosystem-specific version comparison produces correct vulnerability match/no-match decisions
+- [ ] Verify version comparison evidence is included in scan results
+
+---
+
+## Verification
+
+| Check | Result |
+|-------|--------|
+| Tier 0 - Source files exist | PASS |
+| Tier 1 - Build + code review | PASS |
+| Tier 2 - Integration tests | PASS |
+| Verified | 2026-02-13T18:10:00Z |