{ "version": "v1", "nodes": { "artifact": [ "display_name", "artifact_digest", "sbom_digest", "environment", "labels", "origin_registry", "supply_chain_stage" ], "component": [ "purl", "version", "ecosystem", "scope", "license_spdx", "usage" ], "file": [ "normalized_path", "content_sha256", "language_hint", "size_bytes", "scope" ], "license": [ "license_spdx", "name", "classification", "notice_uri" ], "advisory": [ "advisory_source", "advisory_id", "severity", "published_at", "content_hash", "linkset_digest" ], "vex_statement": [ "status", "statement_id", "justification", "issued_at", "expires_at", "content_hash" ], "policy_version": [ "policy_pack_digest", "policy_name", "effective_from", "expires_at", "explain_hash" ], "runtime_context": [ "runtime_fingerprint", "collector", "observed_at", "cluster", "namespace", "workload_kind", "runtime_state" ] }, "edges": { "CONTAINS": [ "detected_by", "layer_digest", "scope", "evidence_digest" ], "DEPENDS_ON": [ "dependency_purl", "dependency_version", "relationship", "evidence_digest" ], "DECLARED_IN": [ "detected_by", "scope", "evidence_digest" ], "BUILT_FROM": [ "build_type", "builder_id", "attestation_digest" ], "AFFECTED_BY": [ "evidence_digest", "matched_versions", "cvss", "confidence" ], "VEX_EXEMPTS": [ "status", "justification", "impact_statement", "evidence_digest" ], "GOVERNS_WITH": [ "verdict", "explain_hash", "policy_rule_id", "evaluation_timestamp" ], "OBSERVED_RUNTIME": [ "process_name", "entrypoint_kind", "runtime_evidence_digest", "confidence" ] } }