4.3. diff Command
Compare two assessment runs and report posture drift.
4.3.1. Usage
```bash
flareinspect diff [options]
```
4.3.2. Options

| Option | Description | Default |
|---|---|---|
| | Baseline assessment file (JSON) (required) | — |
| | Current assessment file (JSON) (required) | — |
| | Output file path for diff results | Stdout |
| | Output format: | |

4.3.3. Delta Types
Each finding in the diff is classified by one of the following delta types:

| Delta | Meaning |
|---|---|
| | Finding exists in the current assessment but not in the baseline |
| | Finding existed in the baseline but no longer appears in the current assessment |
| | Finding was PASS in baseline but is FAIL in current |
| | Finding was FAIL in baseline but is PASS in current |
| | Finding has the same status in both assessments |

4.3.4. Drift Score
The drift score is a number from -100 to +100:

| Range | Interpretation |
|---|---|
| Positive | Net improvement in security posture |
| Zero | No net change |
| Negative | Net regression in security posture |

The score accounts for both the count and severity weight of regressions and improvements.
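
The classification from 4.3.3 and a signed, severity-weighted score in the -100 to +100 range, as an added Python sketch that is not FlareInspect's own code. The finding schema, the delta labels, the severity weights and the normalisation formula are all assumptions chosen for illustration, and the two sample runs are constructed.

```python
# Added illustration: schema, delta labels, weights and formula are assumptions,
# not FlareInspect's data model or scoring algorithm.
SEVERITY_WEIGHT = {"critical": 10, "high": 7, "medium": 4, "low": 1}

# Constructed sample runs, keyed by a hypothetical finding id.
BASELINE = {
    "CHK-001": {"status": "PASS", "severity": "high"},
    "CHK-002": {"status": "FAIL", "severity": "medium"},
    "CHK-003": {"status": "PASS", "severity": "critical"},
    "CHK-004": {"status": "FAIL", "severity": "low"},
}
CURRENT = {
    "CHK-001": {"status": "FAIL", "severity": "high"},
    "CHK-002": {"status": "PASS", "severity": "medium"},
    "CHK-003": {"status": "PASS", "severity": "critical"},
    "CHK-005": {"status": "FAIL", "severity": "high"},
}

def classify(baseline, current):
    """Label every finding id with one of the five delta meanings (PASS/FAIL only)."""
    deltas = {}
    for fid in baseline.keys() | current.keys():
        old, new = baseline.get(fid), current.get(fid)
        if old is None:
            deltas[fid] = "new"            # only in the current run
        elif new is None:
            deltas[fid] = "resolved"       # only in the baseline
        elif old["status"] == "PASS" and new["status"] == "FAIL":
            deltas[fid] = "regression"
        elif old["status"] == "FAIL" and new["status"] == "PASS":
            deltas[fid] = "improvement"
        else:
            deltas[fid] = "unchanged"      # same status in both runs
    return deltas

def drift_score(baseline, current):
    """Positive = net improvement, negative = net regression, 0 = no net change."""
    deltas = classify(baseline, current)
    def weight(label):
        return sum(SEVERITY_WEIGHT[current[f]["severity"]]
                   for f, d in deltas.items() if d == label)
    gained, lost = weight("improvement"), weight("regression")
    total = gained + lost
    return 0 if total == 0 else round(100 * (gained - lost) / total)

if __name__ == "__main__":
    print(classify(BASELINE, CURRENT), drift_score(BASELINE, CURRENT))
```

In this sketch only PASS-to-FAIL and FAIL-to-PASS transitions move the score, so one high-severity regression outweighs one medium-severity improvement and the result is negative.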
4.3.5. Exit Codes

| Condition | Exit Code |
|---|---|
| No regressions detected | |
| One or more regressions detected | |
| Error (invalid input, file not found) | |

This makes diff suitable for CI pipelines where you want to block merges that introduce security regressions.
4.3.6. Examples

Basic Diff
```bash
flareinspect diff --baseline baseline.json --current latest.json
```

Export Diff as Markdown
```bash
flareinspect diff --baseline baseline.json --current latest.json \
  -f markdown -o drift-report.md
```

Use in CI Pipeline
```bash
# Previous assessment stored as baseline
# Latest assessment generated in this pipeline run
flareinspect diff --baseline baseline.json --current latest.json
# Exit code 1 if regressions are found
if [ $? -ne 0 ]; then
  echo "Security regressions detected!"
  exit 1
fi
```