git.stella-ops.org/src/__Tests/interop/StellaOps.Interop.Tests/FindingsComparer.cs

using System.Collections.Generic;
using System.Linq;

namespace StellaOps.Interop.Tests;

public static class FindingsComparer
{
    public static FindingsComparisonResult Compare(
        IReadOnlyList<Finding> stellaFindings,
        IReadOnlyList<GrypeFinding> grypeFindings,
        decimal tolerancePercent = 5)
    {
        var stellaVulns = stellaFindings
            .Select(f => (f.VulnerabilityId, f.PackagePurl))
            .ToHashSet();

        var grypeVulns = grypeFindings
            .Select(f => (f.VulnerabilityId, f.PackagePurl))
            .ToHashSet();

        var onlyInStella = stellaVulns.Except(grypeVulns).ToList();
        var onlyInGrype = grypeVulns.Except(stellaVulns).ToList();
        var inBoth = stellaVulns.Intersect(grypeVulns).ToList();

        var totalUnique = stellaVulns.Union(grypeVulns).Count();
        var parityPercent = totalUnique > 0
            ? (decimal)inBoth.Count / totalUnique * 100
            : 100;

        return new FindingsComparisonResult(
            ParityPercent: parityPercent,
            IsWithinTolerance: parityPercent >= (100 - tolerancePercent),
            StellaTotalFindings: stellaFindings.Count,
            GrypeTotalFindings: grypeFindings.Count,
            MatchingFindings: inBoth.Count,
            OnlyInStella: onlyInStella.Count,
            OnlyInGrype: onlyInGrype.Count,
            OnlyInStellaDetails: onlyInStella,
            OnlyInGrypeDetails: onlyInGrype);
    }
}