Description
Now that we've improved rule categorization by moving to the MITRE Malware Behavior Catalog, I'm interested in adding a `--sensitivity` flag that CI/CD pipelines can use to adjust how noisy `mal diff` is, based on the context of what kind of update is being processed. Here's my initial thinking:
- `--sensitivity=(1|file)`: show diff only if file risk changes. Obsoletes `--file-risk-change`.
- `--sensitivity=(2|major)`: show diff if top-level namespace (objective) changes.
- `--sensitivity=(3|minor)`: show diff only if second-level namespace (resource) changes.
- `--sensitivity=(4|patch)`: show diff if 3rd-level namespace (technique) changes.
- `--sensitivity=(5|full)`: show diff if anything changes.
For example, Wolfi knows the versions on both sides of the update: we can use this to keep the noise low for major version changes (1.0 -> 2.0), and dial the sensitivity up for subsequent minor releases (2.0 -> 2.0.1). For simple epoch changes, we can dial the sensitivity up to 5.

As part of this, we should rename `--file-risk-increase` to something like `--increased-risk`.
cc @egibs @hectorj2f @tdunlap607 for thoughts.
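To make the proposal concrete, here is an added example (not code from the malcontent project or from the issue author) of how the five sensitivity levels could gate a diff, plus how a pipeline might pick a level from the version bump it is processing. It assumes behaviors are identified by `/`-separated `objective/resource/technique` paths and that a file-risk change always surfaces regardless of level; the behavior IDs and risk labels below are constructed for illustration, not real MBC identifiers.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Sensitivity levels as named in the issue. The mapping from level to the
// namespace depth that is compared (1, 2 or 3 segments) is this example's
// assumption about how the proposal would be implemented.
const (
	SensitivityFile  = 1 // report only when the file-level risk changes
	SensitivityMajor = 2 // objective (1st segment) changed
	SensitivityMinor = 3 // objective/resource (2 segments) changed
	SensitivityPatch = 4 // objective/resource/technique (3 segments) changed
	SensitivityFull  = 5 // any change at all
)

// Report is a constructed, minimal stand-in for one side of a diff: the
// file's overall risk label and the behavior IDs that fired.
type Report struct {
	Risk      string
	Behaviors []string
}

// truncate keeps the first depth segments of a "/"-separated behavior ID.
func truncate(id string, depth int) string {
	parts := strings.Split(id, "/")
	if depth < len(parts) {
		parts = parts[:depth]
	}
	return strings.Join(parts, "/")
}

// namespaceSet collapses behavior IDs to the requested depth and dedupes,
// so two techniques under the same resource count as one entry at depth 2.
func namespaceSet(behaviors []string, depth int) map[string]bool {
	set := make(map[string]bool)
	for _, b := range behaviors {
		set[truncate(b, depth)] = true
	}
	return set
}

func sameSet(a, b map[string]bool) bool {
	if len(a) != len(b) {
		return false
	}
	for k := range a {
		if !b[k] {
			return false
		}
	}
	return true
}

// ShouldShowDiff applies the sensitivity rule: a risk change always shows
// (assumption); at level 1 nothing else does; at levels 2-4 the behavior
// sets are compared after truncation to 1, 2 or 3 segments; level 5 (and
// any unknown level) compares the full IDs.
func ShouldShowDiff(before, after Report, sensitivity int) bool {
	if before.Risk != after.Risk {
		return true
	}
	if sensitivity == SensitivityFile {
		return false
	}
	depth := 1 << 30 // large enough to keep every segment
	if sensitivity >= SensitivityMajor && sensitivity <= SensitivityPatch {
		depth = sensitivity - 1
	}
	return !sameSet(namespaceSet(before.Behaviors, depth), namespaceSet(after.Behaviors, depth))
}

// splitVersion parses "X.Y.Z"; missing or non-numeric components count as 0.
func splitVersion(v string) [3]int {
	var out [3]int
	for i, p := range strings.SplitN(v, ".", 3) {
		n, _ := strconv.Atoi(p)
		out[i] = n
	}
	return out
}

// SensitivityForBump picks a level from the version bump, following the
// issue's sketch: quietest for major bumps, louder for minor, louder still
// for patch, and full sensitivity when the version did not change at all
// (e.g. an epoch-only rebuild).
func SensitivityForBump(oldVer, newVer string) int {
	o, n := splitVersion(oldVer), splitVersion(newVer)
	switch {
	case o[0] != n[0]:
		return SensitivityMajor
	case o[1] != n[1]:
		return SensitivityMinor
	case o[2] != n[2]:
		return SensitivityPatch
	default:
		return SensitivityFull
	}
}

// sampleReports returns constructed before/after reports that differ only
// in one technique under an otherwise unchanged objective/resource.
func sampleReports() (Report, Report) {
	before := Report{Risk: "medium", Behaviors: []string{
		"objective-a/resource-x/technique-1",
		"objective-b/resource-y/technique-2",
	}}
	after := Report{Risk: "medium", Behaviors: []string{
		"objective-a/resource-x/technique-3",
		"objective-b/resource-y/technique-2",
	}}
	return before, after
}

func main() {
	before, after := sampleReports()
	for level := SensitivityFile; level <= SensitivityFull; level++ {
		fmt.Printf("sensitivity=%d show=%v\n", level, ShouldShowDiff(before, after, level))
	}
	fmt.Println("2.0 -> 2.0.1 picks level", SensitivityForBump("2.0", "2.0.1"))
}
```

With the sample reports, levels 1 through 3 stay quiet because the objective and resource namespaces are unchanged, while levels 4 and 5 surface the technique swap; a pipeline processing a 2.0 -> 2.0.1 update would land on level 4 and therefore see it.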