๐๏ธ Bug Repro Guide
How to write a minimal, deterministic bug reproduction for Stave.
๐๏ธ Authoring
How to write, test, and review custom Stave control definitions.
๐๏ธ Common Issues
Troubleshooting guide for common Stave errors and unexpected behavior.
๐๏ธ Running in CI/CD
How to integrate Stave into GitHub Actions and GitLab CI pipelines.
๐๏ธ Enabling/Disabling
How to control exactly which controls Stave evaluates.
๐๏ธ Interpreting Findings
How to read findings and execute deterministic remediation planning.
๐๏ธ HIPAA Compliance
Evaluate S3 configurations against HIPAA Security Rule requirements using Stave's built-in HIPAA profile.
๐๏ธ Security Workflows
How to use Stave alongside other security tools and incident response processes.
๐๏ธ Breach-Type Routing
How to use the --context flag to filter control evaluation based on incident breach type.
๐๏ธ Resource Ignore Lists
How to suppress findings for intentionally configured resources using ignore lists.
๐๏ธ Sanitization
How to share Stave outputs safely using --sanitize.
๐๏ธ Recipes
Multi-command workflow recipes for common Stave tasks.
๐๏ธ Reasoning Engines
Pick the right external reasoning engine for the question you have, export Stave's facts in the format the engine consumes, append a query, and read the verdict back.
๐๏ธ Atlantis Post-Plan Integration
Evaluate Terraform plans for safety violations before atlantis apply.
๐๏ธ Contributing to Stave
Thank you for considering contributing to Stave. This document explains how to set up your development environment, run tests, and submit changes.
๐๏ธ Create Snapshots
Step-by-step recipes for producing obs.v0.1 observation snapshots from a live AWS account, from Terraform, or by hand.
๐๏ธ Enable Z3
Install libz3 and use Z3 with Stave. The Stave binary itself is built CGO_ENABLED=0 and has no Z3 dependency; Z3 is opt-in per-machine for the example provers and the SMT-LIB file pipeline.
๐๏ธ How to Run an IAM Security Assessment
Evaluate AWS IAM configuration against 38 controls covering identity,
๐๏ธ How to Debug Unexpected Findings with the Logic Trace
Use the logic trace when Stave produces a finding you don't expect โ or
๐๏ธ How to Evaluate Multi-Cloud Infrastructure
Stave evaluates any cloud provider and any service without engine changes.
๐๏ธ How to Run an OpenSearch Security Assessment
Evaluate AWS OpenSearch domain configuration against 12 controls
๐๏ธ How to Scaffold Controls with the Policy Forge
Create a new security control with validated YAML and pass/fail test
๐๏ธ How to Block Unsafe Configs with a Pre-Commit Hook
Prevent unsafe cloud configurations from being committed to version
๐๏ธ S3 Assessment Workflow
This is the supported S3 MVP workflow for the current CLI surface.
๐๏ธ Verify a Release
Step-by-step recipe for verifying Stave release artifacts: checksums, Cosign signatures, SBOM, and build provenance.