stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/unchecked/cli/scan-reproducibility-verification-flag.md

973 B
Raw Blame History

Scan Reproducibility Verification Flag

Module

Cli

Status

IMPLEMENTED

Description

CLI flag to trigger reproducibility verification (rebuild) during scans, verifying whether builds are reproducible as part of the build provenance verification pipeline.

Implementation Details

  • Scan Commands: src/Cli/StellaOps.Cli/Commands/Scan/ -- scan command extensions
  • Provenance Commands: src/Cli/StellaOps.Cli/Commands/ProvCommandGroup.cs -- provenance verification
  • Commands:
    • stella scan run <image> --verify-reproducibility -- scan with reproducibility verification
    • stella prov verify <image> -- verify build provenance

E2E Test Plan

  • Run stella scan run myregistry/app:v1.0 --verify-reproducibility and verify reproducibility check
  • Verify reproducible build produces matching digest
  • Verify non-reproducible build is flagged
  • Run stella prov verify myregistry/app:v1.0 and verify provenance verification