Skip to main content

stave trend

Reads a sequence of stave apply output files and computes posture
metrics including violation rate, MTTR, severity distribution,
attack stage trends, velocity, and improvement projection.

Requires at least 2 assessment files to produce a trend report.

Exit Codes:
  0   Trend report generated successfully
  2   Invalid input or insufficient data
  4   Internal error

Examples:
  stave trend --history ./assessments/
  stave trend --files run1.json,run2.json,run3.json --format json
  stave trend --history ./assessments/ --window 10 --out trend.json

Usage:
  stave trend [flags]
  stave trend [command]

Examples:
  stave trend --history ./assessments/
  stave trend --history ./assessments/ --format json --out trend.json

Available Commands:
  forecast    Project posture score trajectory with SLA breach warnings
  oscillation Classify violation oscillation patterns across assessment history
  predict     Project compliance readiness achievement date

Flags:
      --compliance string      comma-separated framework profiles for trajectory (hipaa,soc2,...)
      --files string           comma-separated assessment files in chronological order
  -f, --format string          output format: table | json | openmetrics (default "table")
  -h, --help                   help for trend
      --history string         directory of out.v0.1 assessment files
      --min-runs int           minimum assessment files required (default 2)
      --out string             write output to file instead of stdout
      --regression-only        show only regressing teams
      --rollup string          aggregate to hierarchy group ID
      --team string            filter to specific team ID
      --team-manifest string   path to team manifest YAML for per-team metrics
      --window int             limit to most recent N assessments (0 = all)

Global Flags:
      --allow-symlink-output   Allow writing output through symlinks (default: refuse)
      --force                  Allow overwriting existing output files
      --log-file string        Write logs to file (default: stderr)
      --log-format string      Log format: text|json (default "text")
      --log-level string       Log level: debug|info|warn|error (overrides -v)
      --log-timestamps         Include timestamps in logs (breaks determinism)
      --log-timings            Include timing information (breaks determinism)
      --no-color               Disable ANSI colors in output
      --path-mode string       Path rendering in errors/logs: base (basename only) or full (absolute paths) Resolved default may come from STAVE_* env vars, stave.yaml, user config, or built-in.
      --quiet                  Suppress output (exit code only) Resolved default may come from STAVE_* env vars, stave.yaml, user config, or built-in.
      --require-offline        Assert offline operation: fail if proxy env vars (HTTP_PROXY, HTTPS_PROXY, ALL_PROXY) are set
      --sanitize               Sanitize infrastructure identifiers (bucket names, ARNs, policies) from output Resolved default may come from STAVE_* env vars, stave.yaml, user config, or built-in.
      --strict                 Enable strict integrity checks for embedded registries and references
  -v, --verbose count          Increase verbosity (-v=INFO, -vv=DEBUG)
  -y, --yes                    Auto-confirm all interactive prompts (distinct from --force which controls file overwriting)

Use "stave trend [command] --help" for more information about a command.