Distro Fix Database with Multi-Provider Ingestion

Module

Concelier

IMPLEMENTED

Comprehensive vulnerability feed ingestion from distro (Alpine, Debian, RHEL, SUSE, Ubuntu) and vendor sources with normalization and merge.

Modules: src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/, src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.*/, src/Concelier/__Libraries/StellaOps.Concelier.Persistence/
Key Classes:
- FixIndexService (src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/Services/FixIndexService.cs) - indexed fix status database populated by distro connectors
- BackportStatusService (src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/Services/BackportStatusService.cs) - multi-distro backport status resolution
- PostgresAdvisoryStore (src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Postgres/Advisories/PostgresAdvisoryStore.cs) - advisory persistence with multi-provider merge
- PostgresSourceStateAdapter (src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Postgres/SourceStateAdapter.cs) - tracks ingestion state per source provider
- Distro Connectors: AlpineConnector, DebianConnector, RedHatConnector, SuseConnector, UbuntuConnector (in src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.*/)
Source: Feature matrix scan

Ingest the same CVE from multiple distro providers and verify the fix database contains entries from all providers
Verify normalization: different distro-specific advisory formats are normalized to a common schema
Verify merge: advisories from different providers for the same CVE are linked to the same canonical
Verify PostgresSourceStateAdapter tracks per-provider ingestion cursors for incremental sync
Verify FixIndexService is populated with fix entries after distro ingestion completes