Block deployments of actively exploited vulnerabilities
Your CI pipeline can move fast — but without a security gate, it can deploy software with known active exploits just as fast. attestd adds a single deterministic check before any build reaches production.
the request
bash
curl "https://api.attestd.io/v1/check?product=nginx&version=${VERSION}" \
  -H "Authorization: Bearer ${ATTESTD_API_KEY}"

integration
.github/workflows/deploy.yml
- name: attestd risk check
  run: |
    RESULT=$(curl -s "https://api.attestd.io/v1/check?product=nginx&version=$VERSION" -H "Authorization: Bearer $ATTESTD_API_KEY")
    # Block the deployment when attestd reports a critical risk state
    if echo "$RESULT" | jq -e '.risk_state == "critical"' > /dev/null; then
      echo "::error::Deployment blocked: $(echo "$RESULT" | jq -r '.risk_factors | join(", ")')"
      exit 1
    fi
    echo "Risk check passed. Proceeding with deployment."

operational outcome
Automated deployments stop before reaching production.
When an actively exploited critical vulnerability is detected in a dependency, the CI step fails with a clear error and the fixed version. No human review needed for the gate itself — only for the exception.
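
The workflow step above blocks only when the body parses and `risk_state` is `critical`, so an HTTP error body or a response missing that field reads as a pass. The following is an added example, not attestd's own code, of the same decision made fail-closed; `gate_decision` is a hypothetical helper, and it assumes a successful check is HTTP 200 with a JSON object carrying the `risk_state` and `risk_factors` fields shown above.

```python
import json


def gate_decision(http_status, body):
    """Return (allow, reason); anything but a well-formed, non-critical answer blocks."""
    # Assumption: a successful check is HTTP 200 carrying a JSON object.
    if http_status != 200:
        return False, f"check failed: HTTP {http_status}"
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return False, "check failed: response is not valid JSON"
    if not isinstance(doc, dict):
        return False, "check failed: response is not a JSON object"
    state = doc.get("risk_state")
    if not isinstance(state, str) or not state:
        return False, "check failed: risk_state missing"
    if state == "critical":
        factors = doc.get("risk_factors")
        factors = factors if isinstance(factors, list) else []
        detail = ", ".join(str(f) for f in factors) or "no risk_factors given"
        return False, f"deployment blocked: {detail}"
    return True, f"risk check passed (risk_state={state})"


# Constructed responses for illustration, not captured from the real API.
SAMPLES = [
    (200, '{"risk_state": "critical", "risk_factors": ["factor-a", "factor-b"]}'),
    (200, '{"risk_state": "placeholder-non-critical"}'),
    (401, '{"error": "constructed error body"}'),
    (200, ""),
    (200, "{}"),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        allow, reason = gate_decision(status, body)
        print("ALLOW" if allow else "BLOCK", "-", reason)
```

In a pipeline, feed it the HTTP status and body that curl received and exit non-zero whenever it returns False.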