Skip to main content

sbom_tools/diff/
mod.rs

1//! Semantic diff engine for SBOMs.
2//!
3//! This module implements a graph-based semantic diff algorithm inspired by
4//! difftastic, adapted for SBOM comparison.
5//!
6//! # Architecture
7//!
8//! The diff system is built on traits for extensibility:
9//!
10//! - [`ChangeComputer`](traits::ChangeComputer): Trait for computing specific types of changes
11//! - Individual change computers in the [`changes`] module
12//!
13//! # Performance Features
14//!
15//! - **Incremental Diffing**: Cache results and recompute only changed sections
16//! - **Batch Candidate Generation**: Use LSH + cross-ecosystem for large SBOMs
17//!
18//! # Example
19//!
20//! ```ignore
21//! use sbom_tools::diff::{DiffEngine, changes::ComponentChangeComputer};
22//!
23//! let engine = DiffEngine::new();
24//! let result = engine.diff(&old_sbom, &new_sbom);
25//!
26//! // For repeated diffs, use the incremental engine:
27//! use sbom_tools::diff::IncrementalDiffEngine;
28//! let incremental = IncrementalDiffEngine::new(engine);
29//! let result = incremental.diff(&old, &new);
30//! if result.was_cached() {
31//!     println!("Cache hit!");
32//! }
33//! ```
34
35pub mod changes;
36mod cost;
37mod engine;
38mod engine_config;
39mod engine_matching;
40mod engine_rules;
41pub mod graph;
42pub mod incremental;
43pub mod multi;
44mod multi_engine;
45mod result;
46pub mod traits;
47mod vertex;
48
49pub use cost::CostModel;
50pub use engine::{DiffEngine, LargeSbomConfig};
51pub use graph::{GraphDiffConfig, diff_dependency_graph};
52pub use incremental::{
53    CacheHitType, CacheStats, ChangedSections, DiffCache, DiffCacheConfig, DiffCacheKey,
54    IncrementalDiffEngine, IncrementalDiffResult, SectionHashes,
55};
56pub use multi::{
57    ComparisonResult, ComplianceScoreEntry, ComplianceSnapshot, ComponentEvolution,
58    DependencySnapshot, DivergenceType, DivergentComponent, EvolutionSummary,
59    InconsistentComponent, IncrementalChange, LicenseChange as TimelineLicenseChange,
60    LicenseChangeType, MatrixResult, MultiDiffResult, MultiDiffSummary, SbomCluster,
61    SbomClustering, SbomInfo, SecurityImpact, TimelineResult, VariableComponent, VersionAtPoint,
62    VersionChangeType, VersionSpread, VulnerabilityMatrix, VulnerabilitySnapshot,
63};
64pub use multi_engine::MultiDiffEngine;
65pub use result::{
66    ChangeSet, ChangeType, ComponentChange, ComponentLicenseChange, ConfidenceInterval,
67    DependencyChange, DependencyChangeType, DependencyGraphChange, DiffResult, DiffSummary,
68    FieldChange, GraphChangeImpact, GraphChangeSummary, GraphChangesByImpact, LicenseChange,
69    LicenseChanges, LicenseConflict, MatchInfo, MatchScoreComponent, SlaStatus,
70    VulnerabilityChanges, VulnerabilityDetail,
71};
72pub use traits::{
73    ChangeComputer, ComponentChangeSet, ComponentMatches, DependencyChangeSet, LicenseChangeSet,
74    VulnerabilityChangeSet,
75};
76pub use vertex::DiffVertex;