{
  "attestation": {
    "dsse_envelope": {
      "payloadType": "application/vnd.in-toto+json",
      "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoibXlhcHA6djEuMi4zIiwiZGlnZXN0Ijp7InNoYTI1NiI6ImFiYzEyMyJ9fV19",
      "signatures": [
        {
          "keyid": "stella-release-key-001",
          "sig": "MEUCIQDcJT8...signature..."
        }
      ]
    },
    "rekor_entry": {
      "log_index": 12345678,
      "log_id": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0=",
      "integrated_time": 1705689600,
      "inclusion_proof": {
        "root_hash": "abc123def456...",
        "tree_size": 98765432,
        "hashes": ["hash1", "hash2", "hash3"]
      }
    },
    "trusted_keys": ["stella-release-key-001", "stella-release-key-002"]
  },
  "cve_findings": [
    {
      "cve_id": "CVE-2024-1234",
      "cvss_score": 9.1,
      "severity": "critical",
      "epss_score": 0.72,
      "epss_percentile": 95,
      "is_kev": false,
      "is_reachable": true,
      "reachability_state": "confirmed_reachable",
      "is_suppressed": false,
      "package_name": "vulnerable-lib",
      "package_version": "1.2.3",
      "fix_available": true,
      "fixed_version": "1.2.4"
    },
    {
      "cve_id": "CVE-2024-5678",
      "cvss_score": 7.5,
      "severity": "high",
      "epss_score": 0.42,
      "epss_percentile": 78,
      "is_kev": false,
      "is_reachable": false,
      "reachability_state": "not_reachable",
      "is_suppressed": false,
      "package_name": "another-lib",
      "package_version": "2.0.0",
      "fix_available": false
    },
    {
      "cve_id": "CVE-2024-9012",
      "cvss_score": 5.3,
      "severity": "medium",
      "epss_score": 0.15,
      "epss_percentile": 45,
      "is_kev": false,
      "is_reachable": true,
      "reachability_state": "statically_reachable",
      "is_suppressed": false,
      "package_name": "common-util",
      "package_version": "3.1.0"
    },
    {
      "cve_id": "CVE-2023-44487",
      "cvss_score": 7.5,
      "severity": "high",
      "epss_score": 0.89,
      "epss_percentile": 99,
      "is_kev": true,
      "kev_due_date": "2024-02-15",
      "is_reachable": true,
      "reachability_state": "runtime_observed",
      "is_suppressed": true,
      "package_name": "http2-lib",
      "package_version": "1.0.0"
    }
  ],
  "baseline_cve_findings": [
    {
      "cve_id": "CVE-2024-5678",
      "cvss_score": 7.5
    },
    {
      "cve_id": "CVE-2024-0001",
      "cvss_score": 6.0
    }
  ],
  "environment": "production",
  "release": {
    "id": "rel-2024-01-19-001",
    "version": "1.2.3",
    "image_digest": "sha256:abc123...",
    "baseline_digest": "sha256:def456..."
  },
  "config": {
    "epss_threshold": 0.6,
    "severity_threshold": 7.0,
    "max_critical": 0,
    "max_high": 3,
    "max_medium": 20,
    "require_rekor": true,
    "count_suppressed": false,
    "only_reachable": false,
    "environments": {
      "production": {
        "epss_threshold": 0.3,
        "severity_threshold": 7.0,
        "max_critical": 0,
        "max_high": 0,
        "only_reachable": true
      },
      "staging": {
        "epss_threshold": 0.7,
        "max_critical": 1,
        "max_high": 5
      },
      "development": {
        "epss_threshold": 0.9,
        "max_critical": null,
        "max_high": null
      }
    }
  },
  "current_time": "2024-01-19T12:00:00Z"
}