- Add RpmVersionComparer for RPM version comparison with epoch, version, and release handling.
- Introduce DebianVersion for parsing Debian EVR (Epoch:Version-Release) strings.
- Create ApkVersion for parsing Alpine APK version strings with suffix support.
- Define IVersionComparator interface for version comparison with proof-line generation.
- Implement VersionComparisonResult struct to encapsulate comparison results and proof lines.
- Add tests for Debian and RPM version comparers to ensure correct functionality and edge case handling.
- Create project files for the version comparison library and its tests.
1.3 KiB
SPRINT_4600 SUMMARY: SBOM Lineage & BYOS Ingestion
Program Overview
| Field | Value |
|---|---|
| Program ID | 4600 |
| Theme | SBOM Operations: Historical Tracking, Lineage, and Ingestion |
| Priority | P2 (Medium) |
| Total Effort | ~5 weeks |
| Advisory Source | 19-Dec-2025 - Stella Ops candidate features mapped to moat strength |
Strategic Context
SBOM storage is becoming table stakes. Differentiation comes from:
- Lineage ledger — Historical tracking with semantic diff
- BYOS ingestion — Accept external SBOMs into the analysis pipeline
Sprint Breakdown
| Sprint ID | Title | Effort | Moat |
|---|---|---|---|
| 4600_0001_0001 | SBOM Lineage Ledger | 3 weeks | 3 |
| 4600_0001_0002 | BYOS Ingestion Workflow | 2 weeks | 3 |
Dependencies
- Requires: SbomService (exists)
- Requires: Graph module (exists)
- Requires: SPRINT_4600_0001_0001 for BYOS
Outcomes
- SBOM versions are chained by artifact identity
- Historical queries and diffs are available
- External SBOMs can be uploaded and analyzed
- Lineage relationships are queryable
Moat Strategy
"Make the ledger valuable via semantic diff, evidence joins, and provenance rather than storage."
Sprint Series Status: TODO
Created: 2025-12-22