git.stella-ops.org/docs/db/reports/vuln-verification-2025-12-05.md

# Concelier/Vulnerability Index · PostgreSQL Verification (Fresh Start)
Date: 2025-12-05
Status: PASS (fresh-start; feed-driven)

## Scope
- Backend: `StellaOps.Concelier.Storage.Postgres`
- Storage: PostgreSQL (schema `vuln`)
- Coverage: sources, feed_snapshots, advisory_snapshots, advisories, aliases, cvss, affected, references, credits, weaknesses, kev_flags, source_states, merge_events
- Approach: Fresh-start; no Mongo backfill. Validation performed against deterministic feed ingest and matching regression suite.

## Environment
- PostgreSQL 17 (staging)
- Migrations: `V001_CreateVulnSchema` applied; no pending release migrations
- Persistence: `Persistence:Concelier = Postgres`

## Results
- Feed import regression suite: PASS (NVD/OSV/GHSA sample feeds)
- Matching regression: PASS (SBOM fixtures) with strict ordering determinism
- KEV flag lookups: PASS (sample set)
- Performance smoke: p95 advisory lookup < 50 ms (staging)
- Tenant isolation: PASS

## Notes
- No Mongo parity performed (fresh-start decision); counts derived solely from feeds.
- Data volumes will grow with ongoing feeds; monitor indexes and vacuum.

## Issues / Follow-ups
- None observed; monitor feed ingest latency under full load.

## Sign-off
- QA: ✓
- Tech Lead: ✓