Semantic diff engine for SBOMs.
This module implements a graph-based semantic diff algorithm inspired by difftastic, adapted for SBOM comparison.
§Architecture
The diff system is built on traits for extensibility:
- ChangeComputer: Trait for computing specific types of changes
- Individual change computers in the changes module
§Performance Features
- Incremental Diffing: Cache results and recompute only changed sections
- Batch Candidate Generation: Use LSH + cross-ecosystem for large SBOMs
§Example
use sbom_tools::diff::{DiffEngine, changes::ComponentChangeComputer};
let engine = DiffEngine::new();
let result = engine.diff(&old_sbom, &new_sbom);
// For repeated diffs, use the incremental engine:
use sbom_tools::diff::IncrementalDiffEngine;
let incremental = IncrementalDiffEngine::new(engine);
let result = incremental.diff(&old, &new);
if result.was_cached() {
    println!("Cache hit!");
}
Re-exports§
pub use graph::GraphDiffConfig;
pub use graph::diff_dependency_graph;
pub use incremental::CacheHitType;
pub use incremental::CacheStats;
pub use incremental::ChangedSections;
pub use incremental::DiffCache;
pub use incremental::DiffCacheConfig;
pub use incremental::DiffCacheKey;
pub use incremental::IncrementalDiffEngine;
pub use incremental::IncrementalDiffResult;
pub use incremental::SectionHashes;
pub use multi::ComparisonResult;
pub use multi::ComplianceScoreEntry;
pub use multi::ComplianceSnapshot;
pub use multi::ComponentEvolution;
pub use multi::DependencySnapshot;
pub use multi::DivergenceType;
pub use multi::DivergentComponent;
pub use multi::EvolutionSummary;
pub use multi::InconsistentComponent;
pub use multi::IncrementalChange;
pub use multi::LicenseChange as TimelineLicenseChange;
pub use multi::LicenseChangeType;
pub use multi::MatrixResult;
pub use multi::MultiDiffResult;
pub use multi::MultiDiffSummary;
pub use multi::SbomCluster;
pub use multi::SbomClustering;
pub use multi::SbomInfo;
pub use multi::SecurityImpact;
pub use multi::TimelineResult;
pub use multi::VariableComponent;
pub use multi::VersionAtPoint;
pub use multi::VersionChangeType;
pub use multi::VersionSpread;
pub use multi::VulnerabilityMatrix;
pub use multi::VulnerabilitySnapshot;
pub use traits::ChangeComputer;
pub use traits::ComponentChangeSet;
pub use traits::ComponentMatches;
pub use traits::DependencyChangeSet;
pub use traits::LicenseChangeSet;
pub use traits::VulnerabilityChangeSet;
Modules§
- changes: Change computer implementations.
- graph: Graph-aware dependency diffing module.
- incremental: Incremental diffing with result caching.
- multi: Multi-SBOM comparison data structures and engines.
- traits: Trait definitions for diff computation strategies.
Structs§
- ChangeSet: Generic change set for added/removed/modified items
- ComponentChange: Component change information
- ComponentLicenseChange: Component-level license change
- ConfidenceInterval: Confidence interval for match score.
- CostModel: Cost model configuration for semantic diff operations.
- DependencyChange: Dependency change information
- DependencyGraphChange: Represents a structural change in the dependency graph
- DiffEngine: Semantic diff engine for comparing SBOMs.
- DiffResult: Complete result of an SBOM diff operation.
- DiffSummary: Summary statistics for the diff
- DiffVertex: Vertex in the diff graph representing an alignment position.
- FieldChange: Individual field change
- GraphChangeSummary: Summary statistics for graph changes
- GraphChangesByImpact
- LargeSbomConfig: Configuration for large SBOM optimization.
- LicenseChange: Individual license change
- LicenseChanges: License change information
- LicenseConflict: License conflict information
- MatchInfo: Information about how a component was matched.
- MatchScoreComponent: A component of the match score for JSON output.
- MultiDiffEngine: Engine for multi-SBOM comparisons.
- VulnerabilityChanges: Vulnerability change information
- VulnerabilityDetail: Detailed vulnerability information
Enums§
- ChangeType: Type of change
- DependencyChangeType: Types of dependency graph structural changes
- GraphChangeImpact: Impact level of a graph change
- SlaStatus: SLA status for vulnerability remediation tracking