Known-build binary catalog (Build-ID + hash-based binary identity)

Module

BinaryIndex

IMPLEMENTED

BinaryIdentity model and vulnerability assertion repository implement the binary-key-based catalog using Build-ID and file SHA256 as primary keys.

Modules: src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/, src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/
Key Classes:
- BinaryIdentity (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Models/BinaryIdentity.cs) - core model with Build-ID, file SHA256, symbol tables as primary keys
- BinaryIdentityService (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Services/BinaryIdentityService.cs) - manages binary identity lifecycle
- BinaryVulnerabilityService (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/Services/BinaryVulnerabilityService.cs) - vulnerability assertion repository with Build-ID catalog lookups and match method mapping (buildid_catalog, delta_signature, etc.)
- CachedBinaryVulnerabilityService (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Cache/CachedBinaryVulnerabilityService.cs) - cached decorator with LookupByDeltaSignatureAsync
Interfaces: IBinaryVulnerabilityService, IBinaryVulnAssertionRepository (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Services/)
Models: FixModels (src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Core/Models/) - FixState, FixStatusResult, MatchMethod, MatchEvidence

Register a binary identity with known Build-ID and verify it is stored in the catalog
Query the catalog by Build-ID and verify the correct binary identity is returned
Query by file SHA256 hash and verify the correct binary identity is returned
Assert a vulnerability against a binary identity and verify the assertion is persisted
Verify CachedBinaryVulnerabilityService caches lookups and returns cached results on repeat queries
Verify match method mapping: buildid_catalog maps to MatchMethod.BuildIdCatalog