# Binary Diff Examples

This directory contains examples demonstrating the binary diff attestation feature.

## Prerequisites

- StellaOps CLI (`stella`) installed
- Access to a container registry
- Docker or containerd runtime (for image pulling)

## Examples

### Basic Comparison

[basic-comparison.md](./basic-comparison.md) - Simple binary diff between two image versions

### DSSE Attestation

[dsse-attestation.md](./dsse-attestation.md) - Generating and verifying DSSE-signed attestations

### Policy Integration

[policy-integration.md](./policy-integration.md) - Using binary diff evidence in policy rules

### CI/CD Integration

[ci-cd-integration.md](./ci-cd-integration.md) - GitHub Actions and GitLab CI examples

## Sample Outputs

The `sample-outputs/` directory contains:

- `diff-table.txt` - Sample table-formatted output
- `diff.json` - Sample JSON output
- `attestation.dsse.json` - Sample DSSE envelope

## Quick Start

```bash
# Compare two image versions
stella scan diff --base myapp:1.0.0 --target myapp:1.0.1

# Generate attestation
stella scan diff --base myapp:1.0.0 --target myapp:1.0.1 \
  --mode=elf --emit-dsse=./attestations \
  --signing-key=./keys/binarydiff.pem

# Attach attestation to the image
stella attest attach \
  --image docker://myapp:1.0.1 \
  --attestation ./attestations/linux-amd64-binarydiff.dsse.json

# Verify attestation (example with cosign)
cosign verify-attestation \
  --type stellaops.binarydiff.v1 \
  --key ./keys/binarydiff.pub \
  docker://myapp:1.0.1
```

## Related Documentation

- [Binary Diff Attestation Architecture](../../modules/scanner/binary-diff-attestation.md)
- [BinaryDiffV1 JSON Schema](../../schemas/binarydiff-v1.schema.json)
- [CLI Reference](../../API_CLI_REFERENCE.md#stella-scan-diff)