{
  "items": [
    {
      "findingId": "tenant-default:advisory-ai:sha256:5d1a",
      "coordinates": {
        "advisoryId": "CVE-2024-12345",
        "package": "pkg:npm/jsonwebtoken@9.0.2",
        "component": "jwt-auth-service",
        "image": "registry.local/ops/auth:2025.10.0"
      },
      "summary": "jsonwebtoken <10.0.0 allows algorithm downgrade.",
      "severity": "high",
      "cvss": 8.1,
      "kev": true,
      "policyBadge": "fail",
      "vex": {
        "statementId": "vex:tenant-default:jwt-auth:5d1a",
        "state": "under_investigation",
        "justification": "Advisory AI flagged reachable path via Scheduler run 42."
      },
      "reachability": {
        "status": "reachable",
        "lastObserved": "2025-11-07T23:11:04Z",
        "signalsVersion": "signals-2025.310.1"
      },
      "evidence": {
        "sbomDigest": "sha256:6c81f2bbd8bd7336f197f3f68fba2f76d7287dd1a5e2a0f0e9f14f23f3c2f917",
        "policyRunId": "policy-run::2025-11-07::ca9f",
        "attestationId": "dsse://authority/attest/84a2"
      },
      "timestamps": {
        "firstSeen": "2025-10-31T04:22:18Z",
        "lastSeen": "2025-11-07T23:16:51Z"
      }
    },
    {
      "findingId": "tenant-default:advisory-ai:sha256:9bf4",
      "coordinates": {
        "advisoryId": "GHSA-xxxx-yyyy-zzzz",
        "package": "pkg:docker/library/nginx@1.25.2",
        "component": "ingress-gateway",
        "image": "registry.local/ops/ingress:2025.09.1"
      },
      "summary": "Heap overflow in nginx HTTP/3 parsing.",
      "severity": "critical",
      "cvss": 9.8,
      "kev": false,
      "policyBadge": "warn",
      "vex": {
        "statementId": "vex:tenant-default:ingress:9bf4",
        "state": "not_affected",
        "justification": "component_not_present"
      },
      "reachability": {
        "status": "unknown",
        "signalsVersion": "signals-2025.309.0"
      },
      "evidence": {
        "sbomDigest": "sha256:99f1e2a7aa0f7c970dcb6674244f0bfb5f37148e3ee09fd4f925d3358dea2239",
        "policyRunId": "policy-run::2025-11-06::b210",
        "attestationId": "dsse://authority/attest/1d34"
      },
      "timestamps": {
        "firstSeen": "2025-10-29T18:03:11Z",
        "lastSeen": "2025-11-07T10:45:03Z"
      }
    }
  ],
  "facets": {
    "severity": [
      { "value": "critical", "count": 1 },
      { "value": "high", "count": 1 }
    ],
    "policyBadge": [
      { "value": "fail", "count": 1 },
      { "value": "warn", "count": 1 }
    ],
    "reachability": [
      { "value": "reachable", "count": 1 },
      { "value": "unknown", "count": 1 }
    ]
  },
  "nextPageToken": "eyJjdXJzb3IiOiJmZjg0NiJ9"
}