git.stella-ops.org/docs/examples/binary-diff/policy-integration.md
2026-01-13 18:53:39 +02:00

Policy Integration

Binary diff output can be used as evidence in policy decisions. This example shows a simple workflow using the JSON output from stella scan diff.

Generate JSON Output

stella scan diff \
  --base myapp:1.0.0 \
  --target myapp:1.0.1 \
  --format=json > diff.json

Feed into Policy Evaluation

Use the JSON report as an input signal for policy rules that require evidence of binary changes. Example (pseudo-rule):

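package stella.policy

import rego.v1

# Allow only when the summary counts at least one modified binary
# and at least one finding is itself marked as modified.
allow if {
  input.binaryDiff.summary.modified > 0
  input.binaryDiff.findings[_].changeType == "modified"
}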

Notes

  • The CLI currently emits unknown verdicts for modified binaries.
  • Future classifier updates will populate patched and vanilla verdicts.
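
The pseudo-rule above written as a fail-closed gate over the JSON report, added here as an example and not taken from the Stella Ops docs or code. The `path` and `verdict` field names, the `unchanged` value and the one-finding-per-modified-binary consistency check are assumptions, and the sample input is constructed.

```python
import json

# Constructed sample, not real CLI output. Only summary.modified and
# findings[].changeType come from the rule above; "path", "verdict" and the
# "unchanged" value are assumptions made for this example.
SAMPLE_INPUT = {"binaryDiff": json.loads("""
{
  "summary": {"modified": 2},
  "findings": [
    {"path": "/usr/bin/myapp", "changeType": "modified", "verdict": "unknown"},
    {"path": "/usr/lib/libexample.so", "changeType": "modified", "verdict": "unknown"},
    {"path": "/usr/bin/helper", "changeType": "unchanged", "verdict": "unknown"}
  ]
}
""")}


def evaluate(policy_input, require_classified=False):
    """Return (allow, reasons); any missing or inconsistent field denies."""
    diff = policy_input.get("binaryDiff") if isinstance(policy_input, dict) else None
    if not isinstance(diff, dict):
        return False, ["input.binaryDiff is missing"]
    summary, findings = diff.get("summary"), diff.get("findings")
    if not isinstance(summary, dict) or not isinstance(findings, list):
        return False, ["summary or findings is missing or has the wrong type"]

    reasons = []
    claimed = summary.get("modified")
    modified = [f for f in findings
                if isinstance(f, dict) and f.get("changeType") == "modified"]
    # The two conditions of the pseudo-rule.
    if type(claimed) is not int or claimed <= 0:
        reasons.append("summary.modified is not a positive integer")
    if not modified:
        reasons.append("no finding has changeType 'modified'")
    # Stricter than the rule (assumes one finding per modified binary):
    # the summary is derived data, so it must agree with the findings.
    if type(claimed) is int and claimed != len(modified):
        reasons.append(f"summary.modified={claimed} but {len(modified)} modified findings")
    # Optional: a missing verdict counts as unknown, which is not evidence of a patch.
    unknown = [f.get("path", "?") for f in modified
               if f.get("verdict", "unknown") == "unknown"]
    if require_classified and unknown:
        reasons.append("unclassified modified binaries: " + ", ".join(unknown))
    return not reasons, reasons


if __name__ == "__main__":
    print(evaluate(SAMPLE_INPUT))
    print(evaluate(SAMPLE_INPUT, require_classified=True))
```

With `require_classified=True` the sample is denied, which is how any rule that demands a classified verdict behaves while the CLI reports every modified binary as unknown.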