git.stella-ops.org/docs/modules/cli/guides/commands/vuln.md
StellaOps Bot 6bee1fdcf5
work
2025-11-25 08:01:23 +02:00

stella vuln — Command Guide

Commands

  • stella vuln list --query <filter> [--group-by <field>] [--output json|ndjson|table] [--offline]
  • stella vuln get --id <vulnId> [--output json|table] [--offline]
  • stella vuln simulate --from <policyA> --to <policyB> --subjects <path> [--offline]

Flags (common)

  • --offline: read from cached snapshots; fail with exit code 5 if network would be used.
  • --policy <id>: scope queries to a policy projection.
  • --page-size, --page-token: deterministic pagination.
  • --group-by: cve, package, status, advisory (results stay stably ordered within groups).

Inputs/outputs

  • Inputs: Vuln Explorer API; optional cached snapshots when offline.
  • Outputs: sorted lists or detail documents with provenance pointers (advisoryId, evidenceIds, consensusId).
  • Exit codes follow output-and-exit-codes.md; 4 for not found, 5 for offline violation.

Determinism rules

  • Lists sorted by primary key then timestamp; group-by keeps stable ordering inside each bucket.
  • Timestamps UTC ISO-8601; hashes lower-case hex.
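
A checker for these rules over `--output ndjson` results, as an added example (not part of the StellaOps code base). The field names `id`, `timestamp`, `hash` and `status` are assumptions, since this guide does not define the record schema, and the sample records are constructed.

```python
import json
import re
from datetime import datetime

# Assumed field names (the page does not define the record schema):
# "id" = primary key, "timestamp" = record time, "hash" = content digest.
TS_RE = re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(\.\d{1,9})?Z")
HEX_RE = re.compile(r"[0-9a-f]+")


def sort_key(rec):
    """Return (primary key, timestamp); ValueError if the timestamp is not UTC ISO-8601."""
    m = TS_RE.fullmatch(str(rec.get("timestamp", "")))
    if not m:
        raise ValueError(f"timestamp not UTC ISO-8601: {rec.get('timestamp')!r}")
    whole = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")  # rejects month 13 etc.
    frac = float("0" + m.group(2)) if m.group(2) else 0.0
    return (str(rec.get("id", "")), whole, frac)


def check_determinism(ndjson_text, group_by=None):
    """List violations of the determinism rules in one NDJSON result set."""
    problems, last = [], {}  # last: bucket -> sort key of its previous record
    for n, line in enumerate(ndjson_text.splitlines(), 1):
        if not line.strip():
            continue
        rec = json.loads(line)
        if not HEX_RE.fullmatch(str(rec.get("hash", ""))):
            problems.append(f"line {n}: hash is not lower-case hex")
        try:
            key = sort_key(rec)
        except ValueError as exc:
            problems.append(f"line {n}: {exc}")
            continue
        bucket = rec.get(group_by) if group_by else None
        if bucket in last and key < last[bucket]:
            problems.append(f"line {n}: out of order within group {bucket!r}")
        last[bucket] = key
    return problems


def _rec(id_, status, ts, digest):  # builds one constructed sample line
    return json.dumps({"id": id_, "status": status, "timestamp": ts, "hash": digest})


# Constructed samples, not real Vuln Explorer output.
GROUPED = "\n".join([_rec("V-2", "fixed", "2025-01-02T00:00:00Z", "ab12"),
                     _rec("V-1", "open", "2025-01-01T00:00:00Z", "cd34"),
                     _rec("V-3", "fixed", "2025-01-01T00:00:00.5Z", "ef56")])
BAD = "\n".join([_rec("V-1", "open", "2025-01-01T02:00:00+02:00", "AB12")])
```

Pass the same field to `group_by` that was given to `--group-by`, so ordering is checked inside each bucket rather than across the whole list.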

Offline/air-gap notes

  • Use cached snapshots (--offline) when remote Explorer is unavailable; commands must not attempt network calls in this mode.
  • Simulation must read local policy snapshots and subjects when offline.