{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://attestd.io/schema/v1/check.json",
  "title": "Attestd /v1/check response",
  "description": "Response schema for GET /v1/check. Stable under the v1 compatibility guarantee: existing fields and enum values will not be removed or changed; new optional fields may be added.",
  "type": "object",
  "required": ["supported"],
  "properties": {
    "supported": {
      "type": "boolean",
      "description": "True when Attestd has coverage data for this product. When false, all other fields are absent."
    },
    "product": {
      "type": "string",
      "description": "The product slug as submitted in the request."
    },
    "version": {
      "type": "string",
      "description": "The version string as submitted in the request."
    },
    "risk_state": {
      "type": "string",
      "enum": ["critical", "high", "elevated", "low", "none"],
      "description": "Aggregate risk classification for this product/version. Derived by worst-case aggregation across all matching CVE version ranges. The five enum values are stable and will not be removed or renamed."
    },
    "risk_factors": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "active_exploitation",
          "remote_code_execution",
          "no_authentication_required",
          "internet_exposed_service",
          "patch_available"
        ]
      },
      "description": "Vocabulary of risk factors driving risk_state. The listed values are stable. New risk concepts will be added as new values only after announcement; clients should ignore unknown values."
    },
    "actively_exploited": {
      "type": "boolean",
      "description": "True if any matching CVE is listed in the CISA Known Exploited Vulnerabilities catalog."
    },
    "remote_exploitable": {
      "type": "boolean",
      "description": "True if the attack vector is network-based for any matching CVE."
    },
    "authentication_required": {
      "type": ["boolean", "null"],
      "description": "Whether authentication is required to exploit any matching CVE. Null when not determinable from CVE data."
    },
    "patch_available": {
      "type": "boolean",
      "description": "True if a fixed version is known."
    },
    "fixed_version": {
      "type": ["string", "null"],
      "description": "The earliest version that resolves all matching CVEs, or null if no fixed version is known."
    },
    "confidence": {
      "type": "number",
      "minimum": 0,
      "maximum": 1,
      "description": "Confidence score for the risk assessment. A value of 0.5 indicates that only database-derived fields were used (NVD CVSS metadata). A value of 0.85 or above indicates that LLM extraction succeeded with high corroboration."
    },
    "cve_ids": {
      "type": "array",
      "items": { "type": "string" },
      "description": "CVE identifiers affecting this version. May be empty for low-confidence assessments."
    },
    "last_updated": {
      "type": "string",
      "format": "date-time",
      "description": "ISO 8601 timestamp of the last ingestion run that produced this result."
    },
    "supply_chain": {
      "oneOf": [
        { "type": "null" },
        {
          "type": "object",
          "required": ["compromised"],
          "properties": {
            "compromised": {
              "type": "boolean",
              "description": "True if a malicious publish has been confirmed for this package version."
            },
            "sources": {
              "type": "array",
              "items": { "type": "string" },
              "description": "Data sources that contributed to the supply chain verdict."
            },
            "malware_type": {
              "type": ["string", "null"],
              "description": "Classification of the malicious payload when known."
            },
            "description": {
              "type": ["string", "null"],
              "description": "Human-readable summary of the supply chain incident."
            },
            "advisory_url": {
              "type": ["string", "null"],
              "format": "uri",
              "description": "Link to the primary advisory (OSV, registry, or vendor)."
            },
            "compromised_at": {
              "type": ["string", "null"],
              "format": "date-time",
              "description": "Timestamp when the malicious version was first published."
            },
            "removed_at": {
              "type": ["string", "null"],
              "format": "date-time",
              "description": "Timestamp when the malicious version was removed from the registry, or null if still present."
            }
          },
          "additionalProperties": true
        }
      ],
      "description": "Supply chain compromise data for PyPI and npm packages. Null for CVE-only products or packages with no incident on record."
    }
  },
  "additionalProperties": true
}
