git.stella-ops.org/samples/policy/policy-report-unknown.json

{
  "reportRequest": {
    "imageDigest": "sha256:7dbe0c9a5d4f1c8184007e9d94dbe55928f8a2db5ab9c1c2d4a2f7bbcdfe1234",
    "findings": [
      {
        "id": "library:pkg/openssl@1.1.1w",
        "severity": "Unknown",
        "source": "NVD",
        "tags": [
          "trust:vendor",
          "reachability:unknown",
          "unknown-age-days:5"
        ]
      },
      {
        "id": "library:pkg/zlib@1.3.1",
        "severity": "High",
        "source": "NVD",
        "tags": [
          "state:unknown",
          "reachability:runtime",
          "unknown-since:2025-10-10T00:00:00Z",
          "observed-at:2025-10-19T12:00:00Z"
        ]
      }
    ],
    "baseline": [
      {
        "findingId": "library:pkg/openssl@1.1.1w",
        "status": "Pass",
        "score": 0,
        "configVersion": "1.0",
        "inputs": {
          "severityWeight": 25,
          "trustWeight": 1,
          "reachabilityWeight": 0.45,
          "baseScore": 11.25
        },
        "quiet": false
      },
      {
        "findingId": "library:pkg/zlib@1.3.1",
        "status": "Pass",
        "score": 0,
        "configVersion": "1.0",
        "inputs": {
          "severityWeight": 75,
          "trustWeight": 1,
          "reachabilityWeight": 0.45,
          "baseScore": 33.75
        },
        "quiet": false
      }
    ]
  },
  "reportResponse": {
    "report": {
      "reportId": "report-9f8cde21aab54321",
      "imageDigest": "sha256:7dbe0c9a5d4f1c8184007e9d94dbe55928f8a2db5ab9c1c2d4a2f7bbcdfe1234",
      "generatedAt": "2025-10-23T15:32:22Z",
      "verdict": "blocked",
      "policy": {
        "revisionId": "rev-42",
        "digest": "8a0f72f8dc5c51c46991db3bba34e9b3c0c8e944a7a6d0a9c29a9aa6b8439876"
      },
      "summary": {
        "total": 2,
        "blocked": 1,
        "warned": 1,
        "ignored": 0,
        "quieted": 0
      },
      "verdicts": [
        {
          "findingId": "library:pkg/openssl@1.1.1w",
          "status": "Blocked",
          "ruleName": "Block vendor unknowns",
          "ruleAction": "block",
          "notes": "Unknown vendor telemetry — medium confidence band.",
          "score": 19.5,
          "configVersion": "1.0",
          "inputs": {
            "severityWeight": 50,
            "trustWeight": 0.65,
            "reachabilityWeight": 0.6,
            "baseScore": 19.5,
            "trustWeight.vendor": 0.65,
            "reachability.unknown": 0.6,
            "unknownConfidence": 0.55,
            "unknownAgeDays": 5
          },
          "quietedBy": null,
          "quiet": false,
          "unknownConfidence": 0.55,
          "confidenceBand": "medium",
          "unknownAgeDays": 5,
          "sourceTrust": "vendor",
          "reachability": "unknown"
        },
        {
          "findingId": "library:pkg/zlib@1.3.1",
          "status": "Warned",
          "ruleName": "Runtime mitigation required",
          "ruleAction": "warn",
          "notes": "Runtime reachable unknown — mitigation window required.",
          "score": 18.75,
          "configVersion": "1.0",
          "inputs": {
            "severityWeight": 75,
            "trustWeight": 1,
            "reachabilityWeight": 0.45,
            "baseScore": 33.75,
            "reachability.runtime": 0.45,
            "warnPenalty": 15,
            "unknownConfidence": 0.35,
            "unknownAgeDays": 13
          },
          "quietedBy": null,
          "quiet": false,
          "unknownConfidence": 0.35,
          "confidenceBand": "medium",
          "unknownAgeDays": 13,
          "sourceTrust": "NVD",
          "reachability": "runtime"
        }
      ],
      "issues": []
    },
    "dsse": {
      "payloadType": "application/vnd.stellaops.report+json",
      "payload": "eyJyZXBvcnQiOnsicmVwb3J0SWQiOiJyZXBvcnQtOWY4Y2RlMjFhYWI1NDMyMSJ9fQ==",
      "signatures": [
        {
          "keyId": "scanner-report-signing",
          "algorithm": "hs256",
          "signature": "MEQCIGHscnJ2bm9wYXlsb2FkZXIAIjANBgkqhkiG9w0BAQsFAAOCAQEASmFja3Nvbk1ldGE="
        }
      ]
    }
  }
}