git.stella-ops.org/docs/features/unchecked/scanner/ecosystem-specific-version-comparator-factory.md

Ecosystem-Specific Version Comparator Factory

Module

Scanner

Status

IMPLEMENTED

Description

Factory providing ecosystem-specific version comparison logic for accurate vulnerability matching across different package ecosystems.

Implementation Details

  • Version Comparators:
    • src/Scanner/__Libraries/StellaOps.Scanner.ServiceSecurity/Analyzers/ServiceVersionComparer.cs - Service-level version comparison
    • src/Scanner/__Libraries/StellaOps.Scanner.ServiceSecurity/Analyzers/ServiceVulnerabilityMatcher.cs - Matches vulnerabilities using ecosystem-aware version comparison
  • Per-Language Conflict Detection:
    • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Conflicts/VersionConflictDetector.cs - Java version conflict detection
    • src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/Internal/Conflicts/VersionConflictDetector.cs - Python version conflict detection
  • Evidence Models:
    • src/Scanner/__Libraries/StellaOps.Scanner.Evidence/Models/VersionComparisonEvidence.cs - Evidence model for version comparisons

E2E Test Plan

  • Scan an image with Java packages and verify Maven version semantics are used for vulnerability matching (e.g., 1.0.0-SNAPSHOT vs 1.0.0)
  • Scan an image with Python packages and verify PEP 440 version comparison is applied
  • Verify version conflict detection flags incompatible version ranges in dependencies
  • Verify ecosystem-specific version comparison produces correct vulnerability match/no-match decisions
  • Verify version comparison evidence is included in scan results
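The matching decisions the description and the test plan describe depend on each ecosystem ordering versions by its own rules rather than by string or naive numeric comparison. The following is an added illustration, not code from the StellaOps scanner: a small factory in Python that hands out a Maven-style key (simplified from Maven's ComparableVersion qualifier ordering) and a PEP 440 key (the release[pre][.post][.dev] subset), and shows why a range such as "< 1.0.0" must match 1.0.0-SNAPSHOT under Maven semantics even though plain string comparison says otherwise. Names (`VersionComparatorFactory`, `is_affected`, the ecosystem labels) are hypothetical.

```python
import re

# Simplified Maven qualifier ordering: the empty qualifier is the release,
# so "1.0.0-SNAPSHOT" sorts before "1.0.0". Unknown qualifiers sort last.
_MAVEN_ORDER = ["alpha", "beta", "milestone", "rc", "snapshot", "", "sp"]
_MAVEN_ALIAS = {"a": "alpha", "b": "beta", "m": "milestone", "cr": "rc",
                "ga": "", "final": "", "release": ""}
_PEP440 = re.compile(r"(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?(?:\.post(\d+))?(?:\.dev(\d+))?")

def _numbers(text):
    # "1.0.0" -> (1,): trailing zeros are dropped so 1.0 == 1.0.0
    nums = [int(p) for p in text.split(".")]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def maven_key(version):
    """Sort key with (simplified) Maven semantics for 'numbers[-qualifier]'."""
    base, _, qual = version.partition("-")
    m = re.fullmatch(r"([A-Za-z]*)(\d*)", qual)
    word, num = (m.group(1).lower(), int(m.group(2) or 0)) if m else (qual.lower(), 0)
    word = _MAVEN_ALIAS.get(word, word)
    rank = _MAVEN_ORDER.index(word) if word in _MAVEN_ORDER else len(_MAVEN_ORDER)
    return (_numbers(base), rank, word, num)

def pep440_key(version):
    """Sort key for the PEP 440 subset release[pre][.post][.dev]."""
    m = _PEP440.fullmatch(version.strip().lower())
    if not m:
        raise ValueError(f"not a supported PEP 440 version: {version!r}")
    release, pre_tag, pre_n, post, dev = m.groups()
    pre = ({"a": 0, "b": 1, "rc": 2}[pre_tag], int(pre_n)) if pre_tag else (3, 0)
    if pre_tag is None and post is None and dev is not None:
        pre = (-1, 0)                                   # X.Y.devN < X.YaN
    post_k = int(post) if post is not None else -1      # X.Y < X.Y.postN
    dev_k = (0, int(dev)) if dev is not None else (1, 0)  # ...devN < final
    return (_numbers(release), pre, post_k, dev_k)

class VersionComparatorFactory:
    """Hypothetical factory: ecosystem label -> ecosystem-specific sort key."""
    _KEYS = {"maven": maven_key, "pypi": pep440_key}

    @classmethod
    def key_for(cls, ecosystem):
        try:
            return cls._KEYS[ecosystem.lower()]
        except KeyError:
            raise ValueError(f"no comparator for ecosystem {ecosystem!r}") from None

def compare(ecosystem, a, b):
    """-1, 0 or 1 under the ecosystem's own ordering."""
    key = VersionComparatorFactory.key_for(ecosystem)
    ka, kb = key(a), key(b)
    return (ka > kb) - (ka < kb)

def is_affected(ecosystem, installed, fixed_in):
    """True when installed < fixed_in, i.e. installed falls in '< fixed_in'."""
    return compare(ecosystem, installed, fixed_in) < 0
```

Plain string comparison orders "1.0.0" before "1.0.0-SNAPSHOT" and "10.0" before "2.0", so a comparator that is not ecosystem-aware would report no match for both cases the test plan calls out.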