stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
03f0bb61280ef012c76eaf6e93e8266d664e8ea6
git.stella-ops.org/docs/examples/binary-diff/README.md
master d7be6ba34b audit, advisories and doctors/setup work
2026-01-13 18:53:39 +02:00

1.7 KiB
Raw Blame History

Binary Diff Examples

This directory contains examples demonstrating the binary diff attestation feature.

Prerequisites

  • StellaOps CLI (stella) installed
  • Access to a container registry
  • Docker or containerd runtime (for image pulling)

Examples

Basic Comparison

basic-comparison.md - Simple binary diff between two image versions

DSSE Attestation

dsse-attestation.md - Generating and verifying DSSE-signed attestations

Policy Integration

policy-integration.md - Using binary diff evidence in policy rules

CI/CD Integration

ci-cd-integration.md - GitHub Actions and GitLab CI examples

Sample Outputs

The sample-outputs/ directory contains:

  • diff-table.txt - Sample table-formatted output
  • diff.json - Sample JSON output
  • attestation.dsse.json - Sample DSSE envelope

Quick Start

# Compare two image versions
stella scan diff --base myapp:1.0.0 --target myapp:1.0.1

# Generate attestation
stella scan diff --base myapp:1.0.0 --target myapp:1.0.1 \
  --mode=elf --emit-dsse=./attestations \
  --signing-key=./keys/binarydiff.pem

# Attach attestation to the image
stella attest attach \
  --image docker://myapp:1.0.1 \
  --attestation ./attestations/linux-amd64-binarydiff.dsse.json

# Verify attestation (example with cosign)
cosign verify-attestation \
  --type stellaops.binarydiff.v1 \
  --key ./keys/binarydiff.pub \
  docker://myapp:1.0.1

Related Documentation