# Compare workflow guide

Compare highlights the security delta between two images or scans so teams
focus on material risk changes rather than full lists.

When to use
- Evaluate a new release before deploy.
- Investigate why a policy gate blocked a build.
- Audit security posture changes between versions.

Core UI layout
- Baseline selector: last green build, previous release, main branch, custom.
- Delta summary: counts for added, removed, and changed items.
- Categories: SBOM changes, reachability, VEX status, policy, findings, unknowns.
- Evidence pane: witness path, VEX merge, policy rule, envelope hashes.

Trust indicators
- Determinism hash and policy version.
- Feed snapshot age and signature status.
- Warnings for stale feeds or policy drift.

Exports
- JSON for evidence and automation.
- PDF for audit packets.
- SARIF for CI integrations.

Workflow examples
1) Pre-release review: use last green baseline, inspect new critical findings.
2) Blocked release: filter policy category to see blocking rule and evidence.
3) Audit: verify signatures and run replay command from the UI.

Related references
- docs/guides/compare-workflow-user-guide.md
- docs/cli/smart-diff-cli.md
- docs/replay/DETERMINISTIC_REPLAY.md