> ## Documentation Index > Fetch the complete documentation index at: https://docs.chainloop.dev/llms.txt > Use this file to discover all available pages before exploring further. # List effective assessments for lookups > For each (external_id, identity) lookup of a given finding type, return matching assessments and the precedence-resolved effective status, scoped to a project (and optionally a version). Works with zero findings — queries assessments directly. ## OpenAPI ````yaml https://api.app.chainloop.dev/openapi.yaml post /v1/assessments/list-effective openapi: 3.0.1 info: contact: email: support@chainloop.dev name: Chainloop Support url: https://chainloop.dev termsOfService: https://chainloop.dev/terms title: Chainloop Platform API version: '1.0' servers: - url: https://api.app.chainloop.dev/ security: - bearerToken: [] tags: - description: AI-powered agent operations name: AgentsService - name: ArtifactService - name: AssessmentService - description: Service for polling the status of asynchronous operations name: AsyncOperationsService - name: AttestationsService - name: PolicyService - name: ComplianceService - name: ComponentService - name: EnvironmentsService - name: EvidenceService - name: FindingService - name: LinearService - name: LogicalEnvironmentsService - name: ProductsService - name: ProjectsService - name: UserService - name: WorkflowTemplateService externalDocs: description: Chainloop Official Documentation url: https://docs.chainloop.dev paths: /v1/assessments/list-effective: post: tags: - AssessmentService summary: List effective assessments for lookups description: >- For each (external_id, identity) lookup of a given finding type, return matching assessments and the precedence-resolved effective status, scoped to a project (and optionally a version). Works with zero findings — queries assessments directly. operationId: AssessmentService_ListEffective requestBody: content: application/json: schema: $ref: '#/components/schemas/v1AssessmentServiceListEffectiveRequest' description: >- Request to look up effective assessments for one or more (external_id, identity) lookups of a given finding type required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/v1AssessmentServiceListEffectiveResponse' description: A successful response. '400': content: application/json: schema: $ref: '#/components/schemas/v1BadRequestResponse' description: Bad Request - The request was invalid or cannot be served. '401': content: application/json: schema: $ref: '#/components/schemas/v1UnauthorizedResponse' description: Unauthorized - Authentication is required. '403': content: application/json: schema: $ref: '#/components/schemas/v1PermissionDeniedResponse' description: Forbidden - You do not have permission to access this resource. '500': content: application/json: schema: $ref: '#/components/schemas/v1InternalServerErrorResponse' description: Internal Server Error - An unexpected error occurred on the server. default: content: application/json: schema: $ref: '#/components/schemas/rpcStatus' description: An unexpected error response. components: schemas: v1AssessmentServiceListEffectiveRequest: description: >- Request to look up effective assessments for one or more (external_id, identity) lookups of a given finding type properties: project_name: description: Project name type: string project_version_name: description: Project version name (scopes precedence to that version when set) type: string finding_type: $ref: '#/components/schemas/v1FindingType' lookups: description: Lookups (1 to 5000 entries) items: $ref: '#/components/schemas/v1EffectiveAssessmentLookup' type: array title: AssessmentServiceListEffectiveRequest type: object v1AssessmentServiceListEffectiveResponse: description: Response for ListEffective method example: results: - lookup: identity: identity external_id: external_id effective_status: ASSESSMENT_STATUS_UNSPECIFIED assessments: - justification_code: ASSESSMENT_JUSTIFICATION_CODE_UNSPECIFIED note: note remediation_branch_name: remediation_branch_name created_at: '2000-01-23T04:56:07.000Z' external_id: external_id remediation_pr_url: remediation_pr_url fixable_feasibility: 2.027123023002322 products: - purl_glob: purl_glob - purl_glob: purl_glob remediation_status: remediation_status updated_at: '2000-01-23T04:56:07.000Z' project_id: project_id cvss_vector: cvss_vector remediation_pr_state: remediation_pr_state scope: ASSESSMENT_SCOPE_UNSPECIFIED id: id fixable_status: null severity: FINDING_SEVERITY_UNSPECIFIED effective_reviewed_at: '2000-01-23T04:56:07.000Z' pending_revision: justification_code: null note: note approval_status: ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED reviewed_at: '2000-01-23T04:56:07.000Z' created_at: '2000-01-23T04:56:07.000Z' assessment_id: assessment_id fixable_summary: fixable_summary project_version_id: project_version_id reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true fixable_feasibility: 5.962133916683182 confidence_breakdown: schema_version: schema_version scores: key: reason: reason abstained: true value: 2.3021358869347655 derived: rollup_active_axes: 9 dominant_low_axis: reason: reason axis: axis value: 3.616076749251911 rollup: 7.061401241503109 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name revision: 1 products: - purl_glob: purl_glob - purl_glob: purl_glob review_note: review_note scope: null confidence_score: 5.637376656633329 id: id fixable_status: FIXABLE_STATUS_UNSPECIFIED status: null remediation_pr_number: 0 fixable_summary: fixable_summary project_version_id: project_version_id remediation_confidence: 6.027456183070403 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name remediation_status_reason: remediation_status_reason remediation_updated_at: '2000-01-23T04:56:07.000Z' organization_id: organization_id effective_reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true status: ASSESSMENT_STATUS_UNSPECIFIED - justification_code: ASSESSMENT_JUSTIFICATION_CODE_UNSPECIFIED note: note remediation_branch_name: remediation_branch_name created_at: '2000-01-23T04:56:07.000Z' external_id: external_id remediation_pr_url: remediation_pr_url fixable_feasibility: 2.027123023002322 products: - purl_glob: purl_glob - purl_glob: purl_glob remediation_status: remediation_status updated_at: '2000-01-23T04:56:07.000Z' project_id: project_id cvss_vector: cvss_vector remediation_pr_state: remediation_pr_state scope: ASSESSMENT_SCOPE_UNSPECIFIED id: id fixable_status: null severity: FINDING_SEVERITY_UNSPECIFIED effective_reviewed_at: '2000-01-23T04:56:07.000Z' pending_revision: justification_code: null note: note approval_status: ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED reviewed_at: '2000-01-23T04:56:07.000Z' created_at: '2000-01-23T04:56:07.000Z' assessment_id: assessment_id fixable_summary: fixable_summary project_version_id: project_version_id reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true fixable_feasibility: 5.962133916683182 confidence_breakdown: schema_version: schema_version scores: key: reason: reason abstained: true value: 2.3021358869347655 derived: rollup_active_axes: 9 dominant_low_axis: reason: reason axis: axis value: 3.616076749251911 rollup: 7.061401241503109 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name revision: 1 products: - purl_glob: purl_glob - purl_glob: purl_glob review_note: review_note scope: null confidence_score: 5.637376656633329 id: id fixable_status: FIXABLE_STATUS_UNSPECIFIED status: null remediation_pr_number: 0 fixable_summary: fixable_summary project_version_id: project_version_id remediation_confidence: 6.027456183070403 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name remediation_status_reason: remediation_status_reason remediation_updated_at: '2000-01-23T04:56:07.000Z' organization_id: organization_id effective_reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true status: ASSESSMENT_STATUS_UNSPECIFIED - lookup: identity: identity external_id: external_id effective_status: ASSESSMENT_STATUS_UNSPECIFIED assessments: - justification_code: ASSESSMENT_JUSTIFICATION_CODE_UNSPECIFIED note: note remediation_branch_name: remediation_branch_name created_at: '2000-01-23T04:56:07.000Z' external_id: external_id remediation_pr_url: remediation_pr_url fixable_feasibility: 2.027123023002322 products: - purl_glob: purl_glob - purl_glob: purl_glob remediation_status: remediation_status updated_at: '2000-01-23T04:56:07.000Z' project_id: project_id cvss_vector: cvss_vector remediation_pr_state: remediation_pr_state scope: ASSESSMENT_SCOPE_UNSPECIFIED id: id fixable_status: null severity: FINDING_SEVERITY_UNSPECIFIED effective_reviewed_at: '2000-01-23T04:56:07.000Z' pending_revision: justification_code: null note: note approval_status: ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED reviewed_at: '2000-01-23T04:56:07.000Z' created_at: '2000-01-23T04:56:07.000Z' assessment_id: assessment_id fixable_summary: fixable_summary project_version_id: project_version_id reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true fixable_feasibility: 5.962133916683182 confidence_breakdown: schema_version: schema_version scores: key: reason: reason abstained: true value: 2.3021358869347655 derived: rollup_active_axes: 9 dominant_low_axis: reason: reason axis: axis value: 3.616076749251911 rollup: 7.061401241503109 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name revision: 1 products: - purl_glob: purl_glob - purl_glob: purl_glob review_note: review_note scope: null confidence_score: 5.637376656633329 id: id fixable_status: FIXABLE_STATUS_UNSPECIFIED status: null remediation_pr_number: 0 fixable_summary: fixable_summary project_version_id: project_version_id remediation_confidence: 6.027456183070403 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name remediation_status_reason: remediation_status_reason remediation_updated_at: '2000-01-23T04:56:07.000Z' organization_id: organization_id effective_reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true status: ASSESSMENT_STATUS_UNSPECIFIED - justification_code: ASSESSMENT_JUSTIFICATION_CODE_UNSPECIFIED note: note remediation_branch_name: remediation_branch_name created_at: '2000-01-23T04:56:07.000Z' external_id: external_id remediation_pr_url: remediation_pr_url fixable_feasibility: 2.027123023002322 products: - purl_glob: purl_glob - purl_glob: purl_glob remediation_status: remediation_status updated_at: '2000-01-23T04:56:07.000Z' project_id: project_id cvss_vector: cvss_vector remediation_pr_state: remediation_pr_state scope: ASSESSMENT_SCOPE_UNSPECIFIED id: id fixable_status: null severity: FINDING_SEVERITY_UNSPECIFIED effective_reviewed_at: '2000-01-23T04:56:07.000Z' pending_revision: justification_code: null note: note approval_status: ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED reviewed_at: '2000-01-23T04:56:07.000Z' created_at: '2000-01-23T04:56:07.000Z' assessment_id: assessment_id fixable_summary: fixable_summary project_version_id: project_version_id reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true fixable_feasibility: 5.962133916683182 confidence_breakdown: schema_version: schema_version scores: key: reason: reason abstained: true value: 2.3021358869347655 derived: rollup_active_axes: 9 dominant_low_axis: reason: reason axis: axis value: 3.616076749251911 rollup: 7.061401241503109 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name revision: 1 products: - purl_glob: purl_glob - purl_glob: purl_glob review_note: review_note scope: null confidence_score: 5.637376656633329 id: id fixable_status: FIXABLE_STATUS_UNSPECIFIED status: null remediation_pr_number: 0 fixable_summary: fixable_summary project_version_id: project_version_id remediation_confidence: 6.027456183070403 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name remediation_status_reason: remediation_status_reason remediation_updated_at: '2000-01-23T04:56:07.000Z' organization_id: organization_id effective_reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true status: ASSESSMENT_STATUS_UNSPECIFIED properties: results: description: Per-lookup results, index-aligned with the request's lookups items: $ref: '#/components/schemas/v1EffectiveAssessmentEntry' type: array title: AssessmentServiceListEffectiveResponse type: object v1BadRequestResponse: description: Response for bad request example: code: 0 details: - details - details message: message properties: code: default: 3 description: >- The error code indicating the type of error. It's fixed to 3, which is the code for INVALID_ARGUMENT. format: int32 type: integer message: description: A human-readable message providing more details about the error. type: string details: description: Additional details about the error. items: type: string type: array required: - code - message title: BadRequestResponse type: object v1UnauthorizedResponse: description: Response for unauthorized access example: code: 6 details: - details - details message: message properties: code: default: 16 description: >- The error code indicating the type of error. It's fixed to 16, which is the code for UNAUTHENTICATED. format: int32 type: integer message: description: A human-readable message providing more details about the error. type: string details: description: Additional details about the error. items: type: string type: array required: - code - message title: UnauthorizedResponse type: object v1PermissionDeniedResponse: description: Response for permission denied example: code: 1 details: - details - details message: message properties: code: default: 7 description: >- The error code indicating the type of error. It's fixed to 7, which is the code for PERMISSION_DENIED. format: int32 type: integer message: description: A human-readable message providing more details about the error. type: string details: description: Additional details about the error. items: type: string type: array required: - code - message title: PermissionDeniedResponse type: object v1InternalServerErrorResponse: description: Response for internal server error example: code: 5 details: - details - details message: message properties: code: default: 13 description: >- The error code indicating the type of error. It's fixed to 13, which is the code for INTERNAL_ERROR. format: int32 type: integer message: description: A human-readable message providing more details about the error. type: string details: description: Additional details about the error. items: type: string type: array required: - code - message title: InternalServerErrorResponse type: object rpcStatus: example: code: 5 details: - '@type': '@type' - '@type': '@type' message: message properties: code: format: int32 type: integer message: type: string details: items: $ref: '#/components/schemas/protobufAny' type: array type: object v1FindingType: default: FINDING_TYPE_UNSPECIFIED description: |- FindingType represents the type of security finding. Lives in shared_messages.proto for the same reason as FindingSeverity: assessment.proto needs it for the ListEffective query tuples without creating an import cycle with finding.proto. enum: - FINDING_TYPE_UNSPECIFIED - FINDING_TYPE_VULNERABILITY type: string v1EffectiveAssessmentLookup: description: A single (external_id, identity) lookup example: identity: identity external_id: external_id properties: external_id: description: Vulnerability or advisory identifier (e.g. CVE-2024-1234) type: string identity: description: Kind-specific identity (PURL for VULNERABILITY) type: string title: EffectiveAssessmentLookup type: object v1EffectiveAssessmentEntry: description: Per-lookup result of ListEffective example: lookup: identity: identity external_id: external_id effective_status: ASSESSMENT_STATUS_UNSPECIFIED assessments: - justification_code: ASSESSMENT_JUSTIFICATION_CODE_UNSPECIFIED note: note remediation_branch_name: remediation_branch_name created_at: '2000-01-23T04:56:07.000Z' external_id: external_id remediation_pr_url: remediation_pr_url fixable_feasibility: 2.027123023002322 products: - purl_glob: purl_glob - purl_glob: purl_glob remediation_status: remediation_status updated_at: '2000-01-23T04:56:07.000Z' project_id: project_id cvss_vector: cvss_vector remediation_pr_state: remediation_pr_state scope: ASSESSMENT_SCOPE_UNSPECIFIED id: id fixable_status: null severity: FINDING_SEVERITY_UNSPECIFIED effective_reviewed_at: '2000-01-23T04:56:07.000Z' pending_revision: justification_code: null note: note approval_status: ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED reviewed_at: '2000-01-23T04:56:07.000Z' created_at: '2000-01-23T04:56:07.000Z' assessment_id: assessment_id fixable_summary: fixable_summary project_version_id: project_version_id reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true fixable_feasibility: 5.962133916683182 confidence_breakdown: schema_version: schema_version scores: key: reason: reason abstained: true value: 2.3021358869347655 derived: rollup_active_axes: 9 dominant_low_axis: reason: reason axis: axis value: 3.616076749251911 rollup: 7.061401241503109 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name revision: 1 products: - purl_glob: purl_glob - purl_glob: purl_glob review_note: review_note scope: null confidence_score: 5.637376656633329 id: id fixable_status: FIXABLE_STATUS_UNSPECIFIED status: null remediation_pr_number: 0 fixable_summary: fixable_summary project_version_id: project_version_id remediation_confidence: 6.027456183070403 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name remediation_status_reason: remediation_status_reason remediation_updated_at: '2000-01-23T04:56:07.000Z' organization_id: organization_id effective_reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true status: ASSESSMENT_STATUS_UNSPECIFIED - justification_code: ASSESSMENT_JUSTIFICATION_CODE_UNSPECIFIED note: note remediation_branch_name: remediation_branch_name created_at: '2000-01-23T04:56:07.000Z' external_id: external_id remediation_pr_url: remediation_pr_url fixable_feasibility: 2.027123023002322 products: - purl_glob: purl_glob - purl_glob: purl_glob remediation_status: remediation_status updated_at: '2000-01-23T04:56:07.000Z' project_id: project_id cvss_vector: cvss_vector remediation_pr_state: remediation_pr_state scope: ASSESSMENT_SCOPE_UNSPECIFIED id: id fixable_status: null severity: FINDING_SEVERITY_UNSPECIFIED effective_reviewed_at: '2000-01-23T04:56:07.000Z' pending_revision: justification_code: null note: note approval_status: ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED reviewed_at: '2000-01-23T04:56:07.000Z' created_at: '2000-01-23T04:56:07.000Z' assessment_id: assessment_id fixable_summary: fixable_summary project_version_id: project_version_id reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true fixable_feasibility: 5.962133916683182 confidence_breakdown: schema_version: schema_version scores: key: reason: reason abstained: true value: 2.3021358869347655 derived: rollup_active_axes: 9 dominant_low_axis: reason: reason axis: axis value: 3.616076749251911 rollup: 7.061401241503109 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name revision: 1 products: - purl_glob: purl_glob - purl_glob: purl_glob review_note: review_note scope: null confidence_score: 5.637376656633329 id: id fixable_status: FIXABLE_STATUS_UNSPECIFIED status: null remediation_pr_number: 0 fixable_summary: fixable_summary project_version_id: project_version_id remediation_confidence: 6.027456183070403 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name remediation_status_reason: remediation_status_reason remediation_updated_at: '2000-01-23T04:56:07.000Z' organization_id: organization_id effective_reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true status: ASSESSMENT_STATUS_UNSPECIFIED properties: lookup: $ref: '#/components/schemas/v1EffectiveAssessmentLookup' assessments: description: Matching assessments after identity filter items: $ref: '#/components/schemas/v1AssessmentItem' type: array effective_status: $ref: '#/components/schemas/v1AssessmentStatus' title: EffectiveAssessmentEntry type: object protobufAny: additionalProperties: type: object example: '@type': '@type' properties: '@type': type: string type: object v1AssessmentItem: description: Full representation of a security assessment example: justification_code: ASSESSMENT_JUSTIFICATION_CODE_UNSPECIFIED note: note remediation_branch_name: remediation_branch_name created_at: '2000-01-23T04:56:07.000Z' external_id: external_id remediation_pr_url: remediation_pr_url fixable_feasibility: 2.027123023002322 products: - purl_glob: purl_glob - purl_glob: purl_glob remediation_status: remediation_status updated_at: '2000-01-23T04:56:07.000Z' project_id: project_id cvss_vector: cvss_vector remediation_pr_state: remediation_pr_state scope: ASSESSMENT_SCOPE_UNSPECIFIED id: id fixable_status: null severity: FINDING_SEVERITY_UNSPECIFIED effective_reviewed_at: '2000-01-23T04:56:07.000Z' pending_revision: justification_code: null note: note approval_status: ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED reviewed_at: '2000-01-23T04:56:07.000Z' created_at: '2000-01-23T04:56:07.000Z' assessment_id: assessment_id fixable_summary: fixable_summary project_version_id: project_version_id reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true fixable_feasibility: 5.962133916683182 confidence_breakdown: schema_version: schema_version scores: key: reason: reason abstained: true value: 2.3021358869347655 derived: rollup_active_axes: 9 dominant_low_axis: reason: reason axis: axis value: 3.616076749251911 rollup: 7.061401241503109 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name revision: 1 products: - purl_glob: purl_glob - purl_glob: purl_glob review_note: review_note scope: null confidence_score: 5.637376656633329 id: id fixable_status: FIXABLE_STATUS_UNSPECIFIED status: null remediation_pr_number: 0 fixable_summary: fixable_summary project_version_id: project_version_id remediation_confidence: 6.027456183070403 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name remediation_status_reason: remediation_status_reason remediation_updated_at: '2000-01-23T04:56:07.000Z' organization_id: organization_id effective_reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true status: ASSESSMENT_STATUS_UNSPECIFIED properties: id: description: Unique identifier type: string organization_id: description: Organization ID type: string project_id: description: Project ID (set for PROJECT or PROJECT_VERSION scope) type: string project_version_id: description: Project version ID (set for PROJECT_VERSION scope) type: string external_id: description: Vulnerability or advisory identifier (e.g. CVE-2024-1234) type: string products: description: PURL globs identifying affected products items: $ref: '#/components/schemas/v1AssessmentProduct' type: array scope: $ref: '#/components/schemas/v1AssessmentScope' status: $ref: '#/components/schemas/v1AssessmentStatus' justification_code: $ref: '#/components/schemas/v1AssessmentJustificationCode' note: description: Free-text note type: string created_by: $ref: '#/components/schemas/v1AssessmentCreator' created_at: description: Creation timestamp format: date-time type: string updated_at: description: Last update timestamp format: date-time type: string remediation_status: description: 'Remediation outcome: SUCCESS, CANNOT_REMEDIATE, or ALREADY_FIXED' type: string remediation_status_reason: description: >- Explanation when remediation cannot be performed or when the project was already at a fixed version type: string remediation_pr_url: description: GitHub PR URL created by auto-remediation type: string remediation_pr_number: description: GitHub PR number created by auto-remediation format: int32 type: integer remediation_branch_name: description: Git branch name created by auto-remediation type: string remediation_pr_state: description: >- Current state of the auto-remediation PR: open, closed, or merged. Unset when no PR has been opened or the PR row has been removed. type: string remediation_updated_at: description: >- Timestamp of the last completed remediation attempt (success or cannot-remediate) format: date-time type: string remediation_confidence: description: Agent-reported certainty (0.0-1.0) in the remediation outcome format: double type: number effective_reviewer: $ref: '#/components/schemas/v1User' effective_reviewed_at: description: When the current effective revision was last reviewed format: date-time type: string pending_revision: $ref: '#/components/schemas/v1AssessmentRevision' severity: $ref: '#/components/schemas/v1FindingSeverity' cvss_vector: description: Representative CVSS vector string from the underlying vulnerability. type: string fixable_status: $ref: '#/components/schemas/v1FixableStatus' fixable_summary: description: What the fix is. Set only when the AI assessment identified a fix. type: string fixable_feasibility: description: >- Agent confidence (0.0-1.0) that the fix will be good enough. Set only on AI-authored revisions. format: double type: number title: AssessmentItem type: object v1AssessmentStatus: default: ASSESSMENT_STATUS_UNSPECIFIED enum: - ASSESSMENT_STATUS_UNSPECIFIED - ASSESSMENT_STATUS_NOT_AFFECTED - ASSESSMENT_STATUS_AFFECTED - ASSESSMENT_STATUS_UNDER_INVESTIGATION - ASSESSMENT_STATUS_FIXED title: AssessmentStatus represents the OpenVEX-aligned status type: string v1AssessmentProduct: example: purl_glob: purl_glob properties: purl_glob: description: Package URL glob pattern type: string title: AssessmentProduct represents a PURL glob entry in the products field type: object v1AssessmentScope: default: ASSESSMENT_SCOPE_UNSPECIFIED enum: - ASSESSMENT_SCOPE_UNSPECIFIED - ASSESSMENT_SCOPE_PROJECT - ASSESSMENT_SCOPE_PROJECT_VERSION title: AssessmentScope represents the scope level of an assessment type: string v1AssessmentJustificationCode: default: ASSESSMENT_JUSTIFICATION_CODE_UNSPECIFIED enum: - ASSESSMENT_JUSTIFICATION_CODE_UNSPECIFIED - ASSESSMENT_JUSTIFICATION_CODE_COMPONENT_NOT_PRESENT - ASSESSMENT_JUSTIFICATION_CODE_VULNERABLE_CODE_NOT_PRESENT - >- ASSESSMENT_JUSTIFICATION_CODE_VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY - ASSESSMENT_JUSTIFICATION_CODE_VULNERABLE_CODE_NOT_IN_EXECUTE_PATH - ASSESSMENT_JUSTIFICATION_CODE_INLINE_MITIGATIONS_ALREADY_EXIST title: AssessmentJustificationCode represents OpenVEX justification codes type: string v1AssessmentCreator: description: >- AssessmentCreator identifies who or what created an assessment. Exactly one oneof variant is populated (matching the declared type). SYSTEM-minted rows (e.g. auto NOT_AFFECTED on component removal) leave created_by unset on AssessmentItem. example: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name properties: type: $ref: '#/components/schemas/v1AssessmentCreatorType' user: $ref: '#/components/schemas/v1User' api_token: $ref: '#/components/schemas/v1AssessmentCreatorAPIToken' ai_agent: $ref: '#/components/schemas/v1AssessmentCreatorAIAgent' type: object v1User: description: Information about a user in the Chainloop platform. example: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true properties: id: description: Unique identifier of the user. title: The ID of the user type: string email: description: Email address of the user. title: The email of the user type: string intercom_hash: description: Computed hash of the user ID for use with Intercom. title: The computed hash of the user id to be used in intercom type: string created_at: description: Timestamp when the user account was created. format: date-time title: The time the user was created type: string first_name: description: First name of the user. title: The first name of the user type: string last_name: description: Last name of the user. title: The last name of the user type: string instance_admin: description: Whether the user is an instance admin. title: Whether the user is an instance admin type: boolean title: User type: object v1AssessmentRevision: description: >- Immutable snapshot of an assessment at a revision number, with authorship and review audit trails example: justification_code: null note: note approval_status: ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED reviewed_at: '2000-01-23T04:56:07.000Z' created_at: '2000-01-23T04:56:07.000Z' assessment_id: assessment_id fixable_summary: fixable_summary project_version_id: project_version_id reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true fixable_feasibility: 5.962133916683182 confidence_breakdown: schema_version: schema_version scores: key: reason: reason abstained: true value: 2.3021358869347655 derived: rollup_active_axes: 9 dominant_low_axis: reason: reason axis: axis value: 3.616076749251911 rollup: 7.061401241503109 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name revision: 1 products: - purl_glob: purl_glob - purl_glob: purl_glob review_note: review_note scope: null confidence_score: 5.637376656633329 id: id fixable_status: FIXABLE_STATUS_UNSPECIFIED status: null properties: id: description: Revision UUID type: string assessment_id: description: Parent assessment UUID type: string revision: description: Monotonic revision number (starts at 1) format: int32 type: integer scope: $ref: '#/components/schemas/v1AssessmentScope' project_version_id: description: Project version ID (set for PROJECT_VERSION scope) type: string status: $ref: '#/components/schemas/v1AssessmentStatus' justification_code: $ref: '#/components/schemas/v1AssessmentJustificationCode' note: description: Note recorded on this revision type: string products: description: PURL globs recorded on this revision items: $ref: '#/components/schemas/v1AssessmentProduct' type: array created_by: $ref: '#/components/schemas/v1AssessmentCreator' created_at: description: When this revision was created format: date-time type: string approval_status: $ref: '#/components/schemas/v1AssessmentApprovalStatus' reviewer: $ref: '#/components/schemas/v1User' reviewed_at: description: When the review action was taken format: date-time type: string review_note: description: Reviewer note. Required on reject; optional on approve. type: string fixable_status: $ref: '#/components/schemas/v1FixableStatus' fixable_summary: description: >- What the fix is. Set only on AI-authored revisions that identified a fix. type: string fixable_feasibility: description: >- Agent confidence (0.0-1.0) that the fix will be good enough. Set only on AI-authored revisions. format: double type: number confidence_score: description: Headline confidence (0.0-1.0). Set only for AI-authored revisions. format: double type: number confidence_breakdown: $ref: '#/components/schemas/v1ConfidenceBreakdown' title: AssessmentRevision type: object v1FindingSeverity: default: FINDING_SEVERITY_UNSPECIFIED description: >- FindingSeverity represents the severity level of a finding. Lives in shared_messages.proto so both finding.proto and assessment.proto can use it without creating an import cycle (finding.proto imports assessment.proto for AssessmentStatus, and assessment.proto needs FindingSeverity for the severity field on AssessmentItem). enum: - FINDING_SEVERITY_UNSPECIFIED - FINDING_SEVERITY_CRITICAL - FINDING_SEVERITY_HIGH - FINDING_SEVERITY_MEDIUM - FINDING_SEVERITY_LOW - FINDING_SEVERITY_INFO - FINDING_SEVERITY_UNKNOWN type: string v1FixableStatus: default: FIXABLE_STATUS_UNSPECIFIED description: >- FixableStatus is the assessment's fix dimension, orthogonal to affectedness status. Produced by the same AI assessment run that determines affectedness, it expresses whether a fix exists and whether it is mechanically producible. - FIXABLE_STATUS_FIXABLE: FIXABLE_STATUS_FIXABLE: a fix exists and the agent judges it mechanically producible (the legacy auto_remediable = true). - FIXABLE_STATUS_NOT_FIXABLE: FIXABLE_STATUS_NOT_FIXABLE: a fix exists but is not mechanically producible (the legacy auto_remediable = false). - FIXABLE_STATUS_NO_FIX_AVAILABLE: FIXABLE_STATUS_NO_FIX_AVAILABLE: no fix could be identified — neither the scanner's fixed version nor the agent's own ecosystem investigation found one. - FIXABLE_STATUS_UNKNOWN: FIXABLE_STATUS_UNKNOWN: not yet assessed (human/system/API-token revisions and AI revisions that predate the feature). enum: - FIXABLE_STATUS_UNSPECIFIED - FIXABLE_STATUS_FIXABLE - FIXABLE_STATUS_NOT_FIXABLE - FIXABLE_STATUS_NO_FIX_AVAILABLE - FIXABLE_STATUS_UNKNOWN type: string v1AssessmentCreatorType: default: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED description: >- AssessmentCreatorType is an explicit discriminator for AssessmentCreator, provided alongside the oneof so clients can branch without inspecting the oneof case directly (convenient for UI code). enum: - ASSESSMENT_CREATOR_TYPE_UNSPECIFIED - ASSESSMENT_CREATOR_TYPE_USER - ASSESSMENT_CREATOR_TYPE_AI_ASSISTED - ASSESSMENT_CREATOR_TYPE_API_TOKEN type: string v1AssessmentCreatorAPIToken: description: >- AssessmentCreatorAPIToken identifies an API token that created an assessment. example: id: id properties: id: description: API token UUID type: string type: object v1AssessmentCreatorAIAgent: description: >- AssessmentCreatorAIAgent identifies an AI agent that created an assessment. example: name: name properties: name: description: Human-readable agent name type: string type: object v1AssessmentApprovalStatus: default: ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED description: >- AssessmentApprovalStatus represents the approval lifecycle of an individual revision. Transitions are one-shot from PENDING to APPROVED or REJECTED. enum: - ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED - ASSESSMENT_APPROVAL_STATUS_PENDING - ASSESSMENT_APPROVAL_STATUS_APPROVED - ASSESSMENT_APPROVAL_STATUS_REJECTED type: string v1ConfidenceBreakdown: description: Per-axis confidence breakdown plus platform-derived block example: schema_version: schema_version scores: key: reason: reason abstained: true value: 2.3021358869347655 derived: rollup_active_axes: 9 dominant_low_axis: reason: reason axis: axis value: 3.616076749251911 rollup: 7.061401241503109 properties: scores: additionalProperties: $ref: '#/components/schemas/v1ConfidenceAxisScore' description: Per-axis scores keyed by axis identifier type: object derived: $ref: '#/components/schemas/v1ConfidenceDerived' schema_version: description: Agent output schema version that produced this breakdown (e.g. "2"). type: string title: ConfidenceBreakdown type: object v1ConfidenceAxisScore: description: One axis from the agent's self-scored confidence breakdown example: reason: reason abstained: true value: 2.3021358869347655 properties: value: description: Axis score in [0.0, 1.0]. Unset when abstained. format: double type: number reason: description: Agent's one-sentence justification for the axis score type: string abstained: description: True when the axis was not evaluable type: boolean title: ConfidenceAxisScore type: object v1ConfidenceDerived: description: Platform-computed rollup and dominant-axis surfacing example: rollup_active_axes: 9 dominant_low_axis: reason: reason axis: axis value: 3.616076749251911 rollup: 7.061401241503109 properties: rollup: description: Geometric mean over non-abstained axes format: double type: number rollup_active_axes: description: Count of non-abstained axes contributing to the rollup format: int32 type: integer dominant_low_axis: $ref: '#/components/schemas/v1ConfidenceDominantLowAxis' title: ConfidenceDerived type: object v1ConfidenceDominantLowAxis: description: Lowest non-abstained axis driving a low-confidence verdict example: reason: reason axis: axis value: 3.616076749251911 properties: axis: description: Axis identifier type: string value: description: The axis's score format: double type: number reason: description: The agent's reason for the axis score type: string title: ConfidenceDominantLowAxis type: object securitySchemes: bearerToken: description: Bearer token for authentication type: http scheme: bearer bearerFormat: JWT ````