Skip to main content

stave controls quality

Analyze control catalog metadata completeness and coverage gaps

Usage

stave controls quality [flags]

Description

Evaluate control catalog quality by checking metadata completeness (severity, remediation action, attack stage, compliance mappings), identifying blind spots where observed asset types lack controls, and detecting MITRE ATT&CK stage coverage gaps.

Inputs: --controls Path to control definitions directory --snapshot Path to observation snapshot for blind spot detection --format Output format: table or json (default: table) --min-completeness Minimum overall completeness percentage (exit 1 if below)

Exit Codes: 0 Quality report generated 1 Completeness below --min-completeness threshold 2 Input error 4 Internal error

Offline-only: reads local files; makes zero network connections; no cloud credentials.

Flags

FlagTypeDescription
-i, --controlsstringPath to control definitions directory (default: controls)
-f, --formatstringOutput format: table or json (default: table)
--min-completenessfloat64Minimum overall completeness percentage (exit 1 if below)
--snapshotstringPath to observation snapshot for blind spot detection

Examples

stave controls quality --controls controls/s3
stave controls quality --controls controls/ --snapshot observations/latest.json
stave controls quality --controls controls/ --min-completeness 80 --format json