{
  "schemaVersion": "scheduler.policy-explain-trace@1",
  "findingId": "finding:sbom:S-42/pkg:npm/lodash@4.17.21",
  "policyId": "P-7",
  "policyVersion": 4,
  "tenantId": "default",
  "runId": "run:P-7:2025-10-26:auto",
  "evaluatedAt": "2025-10-26T14:06:01+00:00",
  "verdict": {
    "status": "blocked",
    "severity": "critical",
    "score": 19.5,
    "rationale": "Matches rule-block-critical"
  },
  "ruleChain": [
    {
      "ruleId": "rule-allow-known",
      "ruleName": "Allow Known Vendors",
      "action": "allow",
      "decision": "skipped",
      "condition": "when vendor == \"trusted\""
    },
    {
      "ruleId": "rule-block-critical",
      "ruleName": "Block Critical Findings",
      "action": "block",
      "decision": "matched",
      "score": 19.5,
      "condition": "when severity >= Critical"
    }
  ],
  "evidence": [
    {
      "type": "advisory",
      "reference": "CVE-2025-12345",
      "source": "nvd",
      "status": "affected",
      "weight": 1,
      "justification": "Vendor advisory",
      "metadata": {}
    },
    {
      "type": "vex",
      "reference": "vex:ghsa-2025-0001",
      "source": "vendor",
      "status": "not_affected",
      "weight": 0.5,
      "justification": "Runtime unreachable",
      "metadata": {
        "justificationid": "csaf:justification/123"
      }
    }
  ],
  "vexImpacts": [
    {
      "statementId": "vex:ghsa-2025-0001",
      "provider": "vendor",
      "status": "not_affected",
      "accepted": true,
      "justification": "Runtime unreachable",
      "confidence": "medium"
    }
  ],
  "history": [
    {
      "status": "blocked",
      "occurredAt": "2025-10-26T14:06:01+00:00",
      "actor": "policy-engine",
      "note": "Initial evaluation"
    },
    {
      "status": "blocked",
      "occurredAt": "2025-10-26T14:16:01+00:00",
      "actor": "policy-engine",
      "note": "Replay verification"
    }
  ],
  "metadata": {
    "componentpurl": "pkg:npm/lodash@4.17.21",
    "sbomid": "sbom:S-42",
    "traceid": "01HE0BJX5S4T9YCN6ZT0"
  }
}