28 lines
1.5 KiB
Markdown
28 lines
1.5 KiB
Markdown
# Delta Scan CLI Command
|
|
|
|
## Module
|
|
Cli
|
|
|
|
## Status
|
|
IMPLEMENTED
|
|
|
|
## Description
|
|
CLI command `stella scan delta --old <image> --new <image>` for delta scanning between container image versions. Supports JSON/text/summary output formats, exit codes for CVE status (0=clean, 1=new CVEs, 2=error), and flags for policy, platform, SBOM format, signing, Rekor submission, and timeout configuration.
|
|
|
|
## Implementation Details
|
|
- **Command Group**: `src/Cli/StellaOps.Cli/Commands/DeltaCommandGroup.cs` -- `DeltaCommandGroup` for `stella delta` / `stella scan delta` commands
|
|
- **Commands**:
|
|
- `stella scan delta --old <image> --new <image>` -- delta scan between two image versions. Options: `--format json|text|summary`, `--policy <file>`, `--platform <arch>`, `--sbom-format cdx|spdx`, `--sign`, `--rekor`, `--timeout <duration>`
|
|
- **Exit codes**: 0=no new CVEs, 1=new CVEs found, 2=error
|
|
- **Integration**: Connects to Scanner module for diff computation
|
|
|
|
## E2E Test Plan
|
|
- [ ] Run `stella scan delta --old app:v1.0 --new app:v2.0` and verify delta scan results
|
|
- [ ] Run with `--format json` and verify structured delta output
|
|
- [ ] Run with `--format summary` and verify summary output
|
|
- [ ] Verify exit code 0 when no new CVEs introduced
|
|
- [ ] Verify exit code 1 when new CVEs found in new image
|
|
- [ ] Run with `--sign --rekor` and verify signed results with Rekor entry
|
|
- [ ] Run with `--policy ./policy.stella` and verify policy evaluation against delta
|
|
- [ ] Verify `--timeout` flag works for long-running scans
|