{ "findings": [ { "findingId": "finding-1", "vulnId": "CVE-2024-12345", "componentPurl": "pkg:npm/example@1.2.3", "assetId": "asset::registry.local/ops/auth" } ], "policy": { "policyVersion": "sha256:policy-demo", "items": [ { "findingId": "finding-1", "status": "affected", "severityBand": "High", "severityScore": 7.5, "exceptions": [ { "schemaVersion": "1.0", "exceptionId": "exc-001", "tenantId": "tenant-default", "name": "temporary-risk-acceptance", "displayName": "Temporary Risk Acceptance", "status": "approved", "severity": "high", "scope": { "type": "component", "componentPurls": ["pkg:npm/example@1.2.3"], "vulnIds": ["CVE-2024-12345"] }, "justification": { "template": "risk-accepted", "text": "Approved for demo tenant while remediation is planned." }, "timebox": { "startDate": "2025-12-01T00:00:00Z", "endDate": "2025-12-31T23:59:59Z" }, "createdBy": "user:demo", "createdAt": "2025-12-01T00:00:00Z", "updatedBy": "user:demo", "updatedAt": "2025-12-10T00:00:00Z" } ] } ], "continuationToken": null, "traceId": "trace-sample-6" }, "advisories": [ { "advisoryId": "CVE-2024-12345", "source": "cve", "title": "Example advisory for offline demo", "severity": "high", "publishedAt": "2025-12-01T00:00:00Z", "updatedAt": "2025-12-10T00:00:00Z", "cveIds": ["CVE-2024-12345"], "affectedPurls": ["pkg:npm/example@1.2.3"], "etag": "\"adv-CVE-2024-12345-v1\"" } ], "vexStatements": [ { "statementId": "vex::tenant-default::CVE-2024-12345::001", "vulnId": "CVE-2024-12345", "productId": "asset::registry.local/ops/auth", "status": "not_affected", "justification": "Component not present in runtime image.", "updatedAt": "2025-12-10T00:00:00Z", "etag": "\"vex-001-v1\"" } ], "linksets": [ { "findingId": "finding-1", "vulnId": "CVE-2024-12345", "advisoryIds": ["CVE-2024-12345"], "vexStatementIds": ["vex::tenant-default::CVE-2024-12345::001"] } ], "traceId": "trace-sample-6", "etag": "\"policy-evidence-sample-1\"" }