{
  "schemaVersion": "scheduler.policy-explain-trace@1",
  "findingId": "finding:sbom:S-42/pkg:npm/lodash@4.17.21",
  "policyId": "P-7",
  "policyVersion": 4,
  "tenantId": "default",
  "runId": "run:P-7:2025-10-26:auto",
  "evaluatedAt": "2025-10-26T14:06:01+00:00",
  "verdict": {
    "status": "blocked",
    "severity": "critical",
    "score": 19.5,
    "rationale": "Matches rule-block-critical"
  },
  "ruleChain": [
    {
      "ruleId": "rule-allow-known",
      "ruleName": "Allow Known Vendors",
      "action": "allow",
      "decision": "skipped",
      "condition": "when vendor == \"trusted\""
    },
    {
      "ruleId": "rule-block-critical",
      "ruleName": "Block Critical Findings",
      "action": "block",
      "decision": "matched",
      "score": 19.5,
      "condition": "when severity >= Critical"
    }
  ],
  "evidence": [
    {
      "type": "advisory",
      "reference": "CVE-2025-12345",
      "source": "nvd",
      "status": "affected",
      "weight": 1,
      "justification": "Vendor advisory",
      "metadata": {}
    },
    {
      "type": "vex",
      "reference": "vex:ghsa-2025-0001",
      "source": "vendor",
      "status": "not_affected",
      "weight": 0.5,
      "justification": "Runtime unreachable",
      "metadata": {
        "justificationid": "csaf:justification/123"
      }
    }
  ],
  "vexImpacts": [
    {
      "statementId": "vex:ghsa-2025-0001",
      "provider": "vendor",
      "status": "not_affected",
      "accepted": true,
      "justification": "Runtime unreachable",
      "confidence": "medium"
    }
  ],
  "history": [
    {
      "status": "blocked",
      "occurredAt": "2025-10-26T14:06:01+00:00",
      "actor": "policy-engine",
      "note": "Initial evaluation"
    },
    {
      "status": "blocked",
      "occurredAt": "2025-10-26T14:16:01+00:00",
      "actor": "policy-engine",
      "note": "Replay verification"
    }
  ],
  "metadata": {
    "componentpurl": "pkg:npm/lodash@4.17.21",
    "sbomid": "sbom:S-42",
    "traceid": "01HE0BJX5S4T9YCN6ZT0"
  }
}