# Ecosystem-Specific Version Comparator Factory

## Module
Scanner

## Status
VERIFIED

## Description
Factory providing ecosystem-specific version comparison logic for accurate vulnerability matching across different package ecosystems.

## Implementation Details
- **Version Comparators**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.ServiceSecurity/Analyzers/ServiceVersionComparer.cs` - Service-level version comparison
  - `src/Scanner/__Libraries/StellaOps.Scanner.ServiceSecurity/Analyzers/ServiceVulnerabilityMatcher.cs` - Matches vulnerabilities using ecosystem-aware version comparison
- **Per-Language Conflict Detection**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Conflicts/VersionConflictDetector.cs` - Java version conflict detection
  - `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/Internal/Conflicts/VersionConflictDetector.cs` - Python version conflict detection
- **Evidence Models**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Models/VersionComparisonEvidence.cs` - Evidence model for version comparisons

## E2E Test Plan
- [ ] Scan an image with Java packages and verify Maven version semantics are used for vulnerability matching (e.g., `1.0.0-SNAPSHOT` vs `1.0.0`)
- [ ] Scan an image with Python packages and verify PEP 440 version comparison is applied
- [ ] Verify version conflict detection flags incompatible version ranges in dependencies
- [ ] Verify ecosystem-specific version comparison produces correct vulnerability match/no-match decisions
- [ ] Verify version comparison evidence is included in scan results

---

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |