sbom-tools 0.1.19

Semantic SBOM diff and analysis tool
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

//! Semantic diff engine for SBOMs.
//!
//! This module implements a graph-based semantic diff algorithm inspired by
//! difftastic, adapted for SBOM comparison.
//!
//! # Architecture
//!
//! The diff system is built on traits for extensibility:
//!
//! - [`ChangeComputer`](traits::ChangeComputer): Trait for computing specific types of changes
//! - Individual change computers in the [`changes`] module
//!
//! # Performance Features
//!
//! - **Incremental Diffing**: Cache results and recompute only changed sections
//! - **Batch Candidate Generation**: Use LSH + cross-ecosystem for large SBOMs
//!
//! # Example
//!
//! ```ignore
//! use sbom_tools::diff::{DiffEngine, changes::ComponentChangeComputer};
//!
//! let engine = DiffEngine::new();
//! let result = engine.diff(&old_sbom, &new_sbom);
//!
//! // For repeated diffs, use the incremental engine:
//! use sbom_tools::diff::IncrementalDiffEngine;
//! let incremental = IncrementalDiffEngine::new(engine);
//! let result = incremental.diff(&old, &new);
//! if result.was_cached() {
//!     println!("Cache hit!");
//! }
//! ```

pub mod changes;
mod cost;
mod engine;
mod engine_config;
mod engine_matching;
mod engine_rules;
pub mod graph;
pub mod incremental;
pub mod multi;
mod multi_engine;
mod result;
pub mod traits;
mod vertex;

pub use cost::CostModel;
pub use engine::{DiffEngine, LargeSbomConfig};
pub use graph::{GraphDiffConfig, diff_dependency_graph};
pub use incremental::{
    CacheHitType, CacheStats, ChangedSections, DiffCache, DiffCacheConfig, DiffCacheKey,
    IncrementalDiffEngine, IncrementalDiffResult, SectionHashes,
};
pub use multi::{
    ComparisonResult, ComplianceScoreEntry, ComplianceSnapshot, ComponentEvolution,
    DependencySnapshot, DivergenceType, DivergentComponent, EvolutionSummary,
    InconsistentComponent, IncrementalChange, LicenseChange as TimelineLicenseChange,
    LicenseChangeType, MatrixResult, MultiDiffResult, MultiDiffSummary, SbomCluster,
    SbomClustering, SbomInfo, SecurityImpact, TimelineResult, VariableComponent, VersionAtPoint,
    VersionChangeType, VersionSpread, VulnerabilityMatrix, VulnerabilitySnapshot,
};
pub use multi_engine::MultiDiffEngine;
pub use result::{
    CategoryDelta, ChangeSet, ChangeType, ComponentChange, ComponentLicenseChange,
    ConfidenceInterval, DependencyChange, DependencyChangeType, DependencyGraphChange, DiffResult,
    DiffSummary, FieldChange, GraphChangeImpact, GraphChangeSummary, GraphChangesByImpact,
    LicenseChange, LicenseChanges, LicenseConflict, MatchInfo, MatchMetrics, MatchScoreComponent,
    QualityDelta, SlaStatus, VexCoverageSummary, VexStatusChange, VulnerabilityChanges,
    VulnerabilityDetail,
};
pub use traits::{
    ChangeComputer, ComponentChangeSet, ComponentMatches, DependencyChangeSet, LicenseChangeSet,
    VulnerabilityChangeSet,
};
pub use vertex::DiffVertex;