Paste two signed receipts (JWS tokens) to generate a cryptographic diff. The system decodes both, compares component lists, versions, and risk assessments, and returns a structured delta showing exactly what changed.
AEarlier Receipt
BLater Receipt
How It Works
What the diff shows you
The compare engine decodes both receipts, verifies signatures, and produces a structured delta across four dimensions:
Components
Added / Removed
Every component present in one receipt but not the other. New dependencies introduced, old ones removed between deploys.
Versions
Upgraded / Downgraded
Components in both receipts but at different versions. Distinguishes upgrades from downgrades.
Risk Delta
CVE Exposure Change
Whether the deploy increased or decreased vulnerability surface. New CVEs introduced vs resolved.
Provenance
Anchor & Timestamp
Time elapsed between receipts, and confirmation both are signed by the same authority and anchored protocol.
Use Cases
When to use receipt comparison
Deployment Audit
Before and after a production deploy
Generate a receipt before deploying, another after. Compare them to produce a cryptographic record of every change introduced — no log parsing, no trust required.
CVE Response
Proving a vulnerability was remediated
After patching a known CVE, a comparison receipt proves the vulnerable component is gone or upgraded — signed, independently verifiable evidence for auditors and clients.
Compliance
Prove the migration happened
Run a receipt before your post-quantum migration and one after. The comparison shows exactly which quantum-vulnerable assets you removed, which you did not, and what appeared — signed, dated, and verifiable. Progress you can prove, not progress you claim.
Supply Chain
Vendor delivery verification
Compare the receipt a vendor issued at delivery against a re-scan receipt. Any divergence between what was claimed and what was delivered shows up immediately.
Quick Reference
How to run a comparison
1
Get your Advanced tier receipts
Generate two receipts from the Workbench — one before a change, one after. Both must be Advanced tier. Open the Workbench →
2
Paste both JWS tokens
Copy the full signed JWS string from each receipt and paste into the A (earlier) and B (later) fields above. The JWS is the long eyJ… string included in every receipt download.
3
Run the comparison
The system decodes, verifies, and diffs both receipts, returning a structured delta across components, versions, and risk. Need an Advanced pack? View pricing →