git.stella-ops.org/samples/policy/simulations/serverless/diff.json

{
  "summary": {
    "policy": "serverless",
    "policyDigest": "sha256:simulation-serverless",
    "changed": 2
  },
  "diffs": [
    {
      "findingId": "library:pkg/aws-lambda@1.0.0",
      "baselineStatus": "Pass",
      "projectedStatus": "Blocked",
      "rule": "block_any_high",
      "notes": "Serverless workloads block High+ severities."
    },
    {
      "findingId": "image:sha256:untrusted-base",
      "baselineStatus": "Pass",
      "projectedStatus": "Blocked",
      "rule": "forbid_unpinned_base",
      "notes": "Base image must be pinned (no :latest)."
    }
  ]
}