# Policy Integration

Binary diff output can be used as evidence in policy decisions. This example
shows a simple workflow using the JSON output from `stella scan diff`.

## Generate JSON Output

```bash
stella scan diff \
  --base myapp:1.0.0 \
  --target myapp:1.0.1 \
  --format=json > diff.json
```

## Feed into Policy Evaluation

Use the JSON report as an input signal for policy rules that require evidence
of binary changes. Example (pseudo-rule):

```rego
package stella.policy

# Pseudo-rule: both conditions must hold for `allow` to be true. The summary
# must report at least one modified file, and at least one finding must carry
# changeType "modified" (`findings[_]` matches if any element satisfies it).
allow {
    input.binaryDiff.summary.modified > 0
    input.binaryDiff.findings[_].changeType == "modified"
}
```

## Notes

- The CLI currently emits `unknown` verdicts for modified binaries.
- Future classifier updates will populate `patched` and `vanilla` verdicts.
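The policy evaluation section above and the `unknown`-verdict note, as an added Python example that is not part of the original page or the stella project: it mirrors the Rego pseudo-rule so the decision can be checked offline against a constructed report, and separately lists the modified findings that still carry an `unknown` verdict, which is what a policy keyed on `patched`/`vanilla` would currently miss. The report layout (`summary.modified`, `findings[].changeType`, `findings[].verdict`, `findings[].path`) is inferred from the Rego input paths and the Notes and is an assumption, not the tool's documented schema; `stella scan diff` itself is not run.

```python
import json

# Constructed sample standing in for `diff.json`; the field layout is an
# assumption inferred from the Rego paths on this page, not the real schema.
SAMPLE_DIFF_JSON = json.dumps({
    "base": "myapp:1.0.0",
    "target": "myapp:1.0.1",
    "summary": {"added": 0, "removed": 0, "modified": 2, "unchanged": 1},
    "findings": [
        {"path": "/usr/bin/myapp", "changeType": "modified", "verdict": "unknown"},
        {"path": "/usr/lib/libhelper.so", "changeType": "modified", "verdict": "unknown"},
        {"path": "/etc/myapp.conf", "changeType": "unchanged", "verdict": "vanilla"},
    ],
})


def build_policy_input(diff_json_text: str) -> dict:
    """Wrap the report under `binaryDiff`, the root the Rego rule reads from."""
    return {"binaryDiff": json.loads(diff_json_text)}


def allow(policy_input: dict) -> bool:
    """Python mirror of the page's Rego pseudo-rule.

    A Rego rule body is a conjunction and `findings[_]` is satisfied when any
    element matches, so this is: summary.modified > 0 AND at least one
    finding has changeType == "modified".
    """
    diff = policy_input.get("binaryDiff", {})
    modified_count = diff.get("summary", {}).get("modified", 0)
    any_modified = any(
        f.get("changeType") == "modified" for f in diff.get("findings", [])
    )
    return modified_count > 0 and any_modified


def unresolved_findings(policy_input: dict) -> list:
    """Paths of modified findings whose verdict is still `unknown`.

    The page notes the CLI currently emits `unknown` for every modified
    binary, so a rule keyed on `patched`/`vanilla` would match nothing today;
    listing these keeps that gap visible next to the allow/deny result.
    """
    diff = policy_input.get("binaryDiff", {})
    return sorted(
        f.get("path", "<no path>")
        for f in diff.get("findings", [])
        if f.get("changeType") == "modified"
        and f.get("verdict", "unknown") == "unknown"
    )


def evaluate(diff_json_text: str) -> dict:
    """Full decision: the rule result plus the findings still lacking a verdict."""
    policy_input = build_policy_input(diff_json_text)
    return {
        "allow": allow(policy_input),
        "unresolved": unresolved_findings(policy_input),
    }


if __name__ == "__main__":
    # With the constructed report: allow is True, two paths are unresolved.
    print(json.dumps(evaluate(SAMPLE_DIFF_JSON), indent=2))
```

Because the rule requires both the summary counter and a matching finding, a report whose summary claims a modification that no finding backs up does not satisfy it; the `unresolved` list is the piece to watch until the classifier starts emitting `patched` and `vanilla`.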