git.stella-ops.org/docs/features/checked/concelier/distro-fix-database-with-multi-provider-ingestion.md
2026-02-13 02:04:55 +02:00

Distro Fix Database with Multi-Provider Ingestion

Module

Concelier

Status

VERIFIED

Description

Comprehensive vulnerability feed ingestion from distro (Alpine, Debian, RHEL, SUSE, Ubuntu) and vendor sources, with normalization and merge.

Implementation Details

  • Modules: src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/, src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.*/, src/Concelier/__Libraries/StellaOps.Concelier.Persistence/
  • Key Classes:
    • FixIndexService (src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/Services/FixIndexService.cs) - indexed fix status database populated by distro connectors
    • BackportStatusService (src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/Services/BackportStatusService.cs) - multi-distro backport status resolution
    • PostgresAdvisoryStore (src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Postgres/Advisories/PostgresAdvisoryStore.cs) - advisory persistence with multi-provider merge
    • PostgresSourceStateAdapter (src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Postgres/SourceStateAdapter.cs) - tracks ingestion state per source provider
    • Distro Connectors: AlpineConnector, DebianConnector, RedHatConnector, SuseConnector, UbuntuConnector (in src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.*/)
  • Source: Feature matrix scan

E2E Test Plan

  • Ingest the same CVE from multiple distro providers and verify the fix database contains entries from all providers
  • Verify normalization: different distro-specific advisory formats are normalized to a common schema
  • Verify merge: advisories from different providers for the same CVE are linked to the same canonical
  • Verify PostgresSourceStateAdapter tracks per-provider ingestion cursors for incremental sync
  • Verify FixIndexService is populated with fix entries after distro ingestion completes

Verification

  • Run ID: run-001
  • Date: 2026-02-12
  • Tests: 60 passed, 0 failed (StellaOps.Concelier.BackportProof.Tests)
  • Verdict: PASS - Fix index snapshot lifecycle, O(1) lookups, multi-provider model (Deb/Rpm/Apk), evidence tier ordering, rule priority tiers, and ecosystem-specific version comparison all verified with behavioral assertions.