git.stella-ops.org/docs/features/checked/cli/policy-simulation-batch-mode-with-sbom-selectors.md
2026-02-14 09:11:48 +02:00

Policy Simulation Batch Mode with SBOM Selectors

Module

Cli

Status

VERIFIED

Description

Batch mode policy simulation with SBOM selector patterns (e.g., registry:docker.io/*, tag:production), severity heatmap summaries, and manifest download for offline analysis.

Implementation Details

  • Command Group: src/Cli/StellaOps.Cli/Commands/PolicyCommandGroup.cs -- policy simulation commands
  • Commands:
    • stella policy simulate <file> --batch --selector <pattern>: batch simulation. Options: --severity-heatmap, --download-manifests, --output <path>, --format table|json
  • Selector patterns: registry:docker.io/*, tag:production, label:team=security

E2E Test Plan

  • Run stella policy simulate ./policy.stella --batch --selector "registry:docker.io/*" and verify batch results
  • Run with --severity-heatmap and verify severity distribution summary
  • Run with --download-manifests and verify manifests downloaded for offline analysis
  • Verify selector pattern matching (registry, tag, label patterns)
  • Verify --format json output with per-artifact results

Verification

  • Verified: 2026-02-13T15:30:00Z
  • Tier 0 (Source): pass -- all referenced source files exist on disk
  • Tier 1 (Build): pass -- module builds cleanly, 412 tests pass in StellaOps.Cli.Commands.Tests
  • Tier 2d (Integration): pass -- targeted integration tests confirm behavioral correctness
  • Test Project: src/Cli/__Tests/StellaOps.Cli.Commands.Tests/StellaOps.Cli.Commands.Tests.csproj
  • Evidence: docs/qa/feature-checks/runs/cli/policy-simulation-batch-mode-with-sbom-selectors/run-001/tier2-integration-check.json