Vulnerability Parity Report · 2025-12-11
Scope
- Dual-import parity between MongoDB and PostgreSQL for Concelier vulnerability index (Sprint 3405 · PG-T5b.3–5b.6).
- Sample size: 10k advisories + associated affected records; SBOM set: TBD (list below).
Inputs
- Mongo source: <connection / dump path>
- Postgres target:
- Dual-import mode: enabled/disabled (state)
- SBOM sample set:
  - TODO: populate paths (e.g., tests/fixtures/sbom/...)
Methods
- Importers used: NVD, OSV, GHSA, vendor.
- Comparison queries:
  - Advisory count by source
  - Affected count by PURL and version range
  - CVSS vectors/score deltas
  - KEV flags count
  - Full-text search sample (top 20 queries)
- Matching check:
  - Run matching against SBOM set with Mongo backend
  - Run matching against SBOM set with Postgres backend
- Diff findings:
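An added example (not from the report or the Concelier code base): a Python parity diff over the aggregates the comparison queries above would return from each backend, with constructed sample data; the input dict shapes and the ADV-EXAMPLE ids are assumptions, not Concelier's data model.

```python
"""Mongo vs Postgres parity diff (added example; dict shapes are assumed, not Concelier's)."""
from dataclasses import dataclass
DIMENSIONS = ("advisories_by_source", "affected_by_purl_range", "cvss", "kev")

@dataclass
class Delta:
    dimension: str
    key: str
    mongo: object
    postgres: object

def diff_values(dimension, mongo, postgres):
    """Compare two {key: value} maps; a key on one side only is a delta (None)."""
    return [Delta(dimension, str(k), mongo.get(k), postgres.get(k))
            for k in sorted(set(mongo) | set(postgres), key=str)
            if mongo.get(k) != postgres.get(k)]

def diff_findings(mongo_findings, postgres_findings):
    """Findings are (sbom, purl, advisory) tuples; return those only one backend produced."""
    m, p = set(mongo_findings), set(postgres_findings)
    return sorted(m - p), sorted(p - m)

def parity_report(mongo, postgres, top=5):
    """PASS only when every dimension and the SBOM findings set agree exactly."""
    deltas = [d for dim in DIMENSIONS
              for d in diff_values(dim, mongo.get(dim, {}), postgres.get(dim, {}))]
    only_mongo, only_pg = diff_findings(mongo.get("findings", ()), postgres.get("findings", ()))
    status = "PASS" if not (deltas or only_mongo or only_pg) else "FAIL"
    return {"status": status, "deltas": deltas[:top],
            "only_mongo": only_mongo, "only_postgres": only_pg}

# Constructed sample aggregates (not real Concelier data): Postgres lost two vendor
# advisories and one finding, and stores a different CVSS score for one advisory.
CVSS_VEC = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
MONGO = {
    "advisories_by_source": {"nvd": 6200, "osv": 2100, "ghsa": 1500, "vendor": 200},
    "affected_by_purl_range": {("pkg:npm/lodash", "<4.17.21"): 3},
    "cvss": {"ADV-EXAMPLE-1": (CVSS_VEC, 9.8)},
    "kev": {"in_kev": 120},
    "findings": {("sbom-a", "pkg:npm/lodash@4.17.20", "ADV-EXAMPLE-1"),
                 ("sbom-b", "pkg:pypi/requests@2.30.0", "ADV-EXAMPLE-2")},
}
POSTGRES = {
    "advisories_by_source": {"nvd": 6200, "osv": 2100, "ghsa": 1500, "vendor": 198},
    "affected_by_purl_range": {("pkg:npm/lodash", "<4.17.21"): 3},
    "cvss": {"ADV-EXAMPLE-1": (CVSS_VEC, 10.0)},
    "kev": {"in_kev": 120},
    "findings": {("sbom-a", "pkg:npm/lodash@4.17.20", "ADV-EXAMPLE-1")},
}
```

Running the same aggregate queries against both backends and passing the results to parity_report yields the counts, deltas and PASS/FAIL status the Results and Verdict sections ask for.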
Results
- Counts:
  - Advisories Mongo:
  - Advisories Postgres:
  - Affected Mongo:
  - Affected Postgres:
  - CVSS rows Mongo/Postgres: /
  - KEV rows Mongo/Postgres: /
- Findings parity on SBOM set:
  - Total findings Mongo/Postgres: /
  - Deltas: (list top examples)
- Performance snapshot:
  - Import time (Postgres): <>
  - Match time per SBOM (avg/p95): <>
Verdict
- Parity status: PASS / FAIL
- Required fixes: <list or "none">
- Blocking issues:
Next Actions
- If PASS: proceed to PG-T5b.5 (perf tuning) and schedule PG-T5b.6 cutover window.
- If FAIL: capture defects and owners; rerun parity after fixes.