Try Stave
1. See what it finds
No install, no signup, nothing to run.
See the full demo output → — real stave apply
output from a misconfigured AI agent environment, with compound
attack chains, near-miss chains, and standard findings annotated.
2. Run in a sandbox
Docker — nothing installed on your machine:
docker run --rm -v "$(pwd)/docs-content/demo/scenarios:/work/scenarios" \
stave-demo
Stop the container and it's gone. See Docker Scenarios for the full set of curated misconfiguration scenarios.
3. Install and run against demo data
go install github.com/sufield/stave/cmd/stave@latest # or: brew install sufield/tap/stave (macOS)
stave apply --observations ./examples/demo-fixtures/ --format text
Reads local files, writes to stdout. No network calls, no credentials, no access to your AWS account.
4. Run against your own snapshots
aws s3 sync s3://your-config-bucket/AWSLogs/ ./my-snapshot/
stave apply --observations ./my-snapshot/
Stave reads the files you give it. The snapshot is a copy — your account is unaffected.
5. Add to your pipeline
stave apply --observations ./snapshot/ --format sarif > findings.sarif
# exit 0 = clean, exit 3 = findings above threshold
Next: First Evaluation — install the binary and run it against demo data.