Binary Diff Examples
This directory contains examples demonstrating the binary diff attestation feature.
Prerequisites
- StellaOps CLI (
stella) installed - Access to a container registry
- Docker or containerd runtime (for image pulling)
Examples
Basic Comparison
basic-comparison.md - Simple binary diff between two image versions
DSSE Attestation
dsse-attestation.md - Generating and verifying DSSE-signed attestations
Policy Integration
policy-integration.md - Using binary diff evidence in policy rules
CI/CD Integration
ci-cd-integration.md - GitHub Actions and GitLab CI examples
Sample Outputs
The sample-outputs/ directory contains:
diff-table.txt- Sample table-formatted outputdiff.json- Sample JSON outputattestation.dsse.json- Sample DSSE envelope
Quick Start
# Compare two image versions
stella scan diff --base myapp:1.0.0 --target myapp:1.0.1
# Generate attestation
stella scan diff --base myapp:1.0.0 --target myapp:1.0.1 \
--mode=elf --emit-dsse=./attestations \
--signing-key=./keys/binarydiff.pem
# Attach attestation to the image
stella attest attach \
--image docker://myapp:1.0.1 \
--attestation ./attestations/linux-amd64-binarydiff.dsse.json
# Verify attestation (example with cosign)
cosign verify-attestation \
--type stellaops.binarydiff.v1 \
--key ./keys/binarydiff.pub \
docker://myapp:1.0.1