> ## Documentation Index > Fetch the complete documentation index at: https://docs.chainloop.dev/llms.txt > Use this file to discover all available pages before exploring further. # Update an assessment > Update an existing assessment. ## OpenAPI ````yaml https://api.app.chainloop.dev/openapi.yaml put /v1/assessments/{id} openapi: 3.0.1 info: contact: email: support@chainloop.dev name: Chainloop Support url: https://chainloop.dev termsOfService: https://chainloop.dev/terms title: Chainloop Platform API version: '1.0' servers: - url: https://api.app.chainloop.dev/ security: - bearerToken: [] tags: - description: AI-powered agent operations name: AgentsService - name: ArtifactService - name: AssessmentService - description: Service for polling the status of asynchronous operations name: AsyncOperationsService - name: AttestationsService - name: PolicyService - name: ComplianceService - name: ComponentService - name: EnvironmentsService - name: EvidenceService - name: FindingService - name: LogicalEnvironmentsService - name: ProductsService - name: ProjectsService - name: UserService externalDocs: description: Chainloop Official Documentation url: https://docs.chainloop.dev paths: /v1/assessments/{id}: put: tags: - AssessmentService summary: Update an assessment description: Update an existing assessment. operationId: AssessmentService_Update parameters: - description: Assessment ID in: path name: id required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/v1AssessmentServiceUpdateBody' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/v1AssessmentServiceUpdateResponse' description: A successful response. '400': content: application/json: schema: $ref: '#/components/schemas/v1BadRequestResponse' description: Bad Request - The request was invalid or cannot be served. '401': content: application/json: schema: $ref: '#/components/schemas/v1UnauthorizedResponse' description: Unauthorized - Authentication is required. '403': content: application/json: schema: $ref: '#/components/schemas/v1PermissionDeniedResponse' description: Forbidden - You do not have permission to access this resource. '500': content: application/json: schema: $ref: '#/components/schemas/v1InternalServerErrorResponse' description: Internal Server Error - An unexpected error occurred on the server. default: content: application/json: schema: $ref: '#/components/schemas/rpcStatus' description: An unexpected error response. components: schemas: v1AssessmentServiceUpdateBody: description: Request to update an assessment properties: status: $ref: '#/components/schemas/v1AssessmentStatus' justification_code: $ref: '#/components/schemas/v1AssessmentJustificationCode' note: description: New note type: string products: $ref: '#/components/schemas/v1AssessmentProductList' scope: $ref: '#/components/schemas/v1AssessmentScope' project_version_name: description: Project version name (required when scope is PROJECT_VERSION) type: string title: AssessmentServiceUpdateRequest type: object v1AssessmentServiceUpdateResponse: description: Response for Update method example: result: justification_code: ASSESSMENT_JUSTIFICATION_CODE_UNSPECIFIED note: note remediation_branch_name: remediation_branch_name created_at: '2000-01-23T04:56:07.000Z' external_id: external_id remediation_pr_url: remediation_pr_url products: - purl_glob: purl_glob - purl_glob: purl_glob remediation_status: remediation_status updated_at: '2000-01-23T04:56:07.000Z' project_id: project_id cvss_vector: cvss_vector scope: ASSESSMENT_SCOPE_UNSPECIFIED id: id severity: FINDING_SEVERITY_UNSPECIFIED effective_reviewed_at: '2000-01-23T04:56:07.000Z' pending_revision: justification_code: null note: note approval_status: ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED reviewed_at: '2000-01-23T04:56:07.000Z' created_at: '2000-01-23T04:56:07.000Z' assessment_id: assessment_id project_version_id: project_version_id reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true confidence_breakdown: schema_version: schema_version scores: key: reason: reason abstained: true value: 5.637376656633329 derived: rollup_active_axes: 7 dominant_low_axis: reason: reason axis: axis value: 9.301444243932576 rollup: 2.3021358869347655 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name revision: 1 products: - purl_glob: purl_glob - purl_glob: purl_glob review_note: review_note scope: null confidence_score: 5.962133916683182 id: id auto_remediable: true status: null remediation_pr_number: 0 project_version_id: project_version_id remediation_confidence: 6.027456183070403 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name remediation_status_reason: remediation_status_reason remediation_updated_at: '2000-01-23T04:56:07.000Z' organization_id: organization_id effective_reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true auto_remediable: true status: ASSESSMENT_STATUS_UNSPECIFIED properties: result: $ref: '#/components/schemas/v1AssessmentItem' title: AssessmentServiceUpdateResponse type: object v1BadRequestResponse: description: Response for bad request example: code: 0 details: - details - details message: message properties: code: default: 3 description: >- The error code indicating the type of error. It's fixed to 3, which is the code for INVALID_ARGUMENT. format: int32 type: integer message: description: A human-readable message providing more details about the error. type: string details: description: Additional details about the error. items: type: string type: array required: - code - message title: BadRequestResponse type: object v1UnauthorizedResponse: description: Response for unauthorized access example: code: 6 details: - details - details message: message properties: code: default: 16 description: >- The error code indicating the type of error. It's fixed to 16, which is the code for UNAUTHENTICATED. format: int32 type: integer message: description: A human-readable message providing more details about the error. type: string details: description: Additional details about the error. items: type: string type: array required: - code - message title: UnauthorizedResponse type: object v1PermissionDeniedResponse: description: Response for permission denied example: code: 1 details: - details - details message: message properties: code: default: 7 description: >- The error code indicating the type of error. It's fixed to 7, which is the code for PERMISSION_DENIED. format: int32 type: integer message: description: A human-readable message providing more details about the error. type: string details: description: Additional details about the error. items: type: string type: array required: - code - message title: PermissionDeniedResponse type: object v1InternalServerErrorResponse: description: Response for internal server error example: code: 5 details: - details - details message: message properties: code: default: 13 description: >- The error code indicating the type of error. It's fixed to 13, which is the code for INTERNAL_ERROR. format: int32 type: integer message: description: A human-readable message providing more details about the error. type: string details: description: Additional details about the error. items: type: string type: array required: - code - message title: InternalServerErrorResponse type: object rpcStatus: example: code: 5 details: - '@type': '@type' - '@type': '@type' message: message properties: code: format: int32 type: integer message: type: string details: items: $ref: '#/components/schemas/protobufAny' type: array type: object v1AssessmentStatus: default: ASSESSMENT_STATUS_UNSPECIFIED enum: - ASSESSMENT_STATUS_UNSPECIFIED - ASSESSMENT_STATUS_NOT_AFFECTED - ASSESSMENT_STATUS_AFFECTED - ASSESSMENT_STATUS_UNDER_INVESTIGATION - ASSESSMENT_STATUS_FIXED title: AssessmentStatus represents the OpenVEX-aligned status type: string v1AssessmentJustificationCode: default: ASSESSMENT_JUSTIFICATION_CODE_UNSPECIFIED enum: - ASSESSMENT_JUSTIFICATION_CODE_UNSPECIFIED - ASSESSMENT_JUSTIFICATION_CODE_COMPONENT_NOT_PRESENT - ASSESSMENT_JUSTIFICATION_CODE_VULNERABLE_CODE_NOT_PRESENT - >- ASSESSMENT_JUSTIFICATION_CODE_VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY - ASSESSMENT_JUSTIFICATION_CODE_VULNERABLE_CODE_NOT_IN_EXECUTE_PATH - ASSESSMENT_JUSTIFICATION_CODE_INLINE_MITIGATIONS_ALREADY_EXIST title: AssessmentJustificationCode represents OpenVEX justification codes type: string v1AssessmentProductList: description: |- AssessmentProductList wraps a list of products so the Update RPC can distinguish "field not sent" (message absent) from "clear all products" (message present with empty entries). properties: entries: description: PURL globs identifying affected products items: $ref: '#/components/schemas/v1AssessmentProduct' type: array type: object v1AssessmentScope: default: ASSESSMENT_SCOPE_UNSPECIFIED enum: - ASSESSMENT_SCOPE_UNSPECIFIED - ASSESSMENT_SCOPE_PROJECT - ASSESSMENT_SCOPE_PROJECT_VERSION title: AssessmentScope represents the scope level of an assessment type: string v1AssessmentItem: description: Full representation of a security assessment example: justification_code: ASSESSMENT_JUSTIFICATION_CODE_UNSPECIFIED note: note remediation_branch_name: remediation_branch_name created_at: '2000-01-23T04:56:07.000Z' external_id: external_id remediation_pr_url: remediation_pr_url products: - purl_glob: purl_glob - purl_glob: purl_glob remediation_status: remediation_status updated_at: '2000-01-23T04:56:07.000Z' project_id: project_id cvss_vector: cvss_vector scope: ASSESSMENT_SCOPE_UNSPECIFIED id: id severity: FINDING_SEVERITY_UNSPECIFIED effective_reviewed_at: '2000-01-23T04:56:07.000Z' pending_revision: justification_code: null note: note approval_status: ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED reviewed_at: '2000-01-23T04:56:07.000Z' created_at: '2000-01-23T04:56:07.000Z' assessment_id: assessment_id project_version_id: project_version_id reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true confidence_breakdown: schema_version: schema_version scores: key: reason: reason abstained: true value: 5.637376656633329 derived: rollup_active_axes: 7 dominant_low_axis: reason: reason axis: axis value: 9.301444243932576 rollup: 2.3021358869347655 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name revision: 1 products: - purl_glob: purl_glob - purl_glob: purl_glob review_note: review_note scope: null confidence_score: 5.962133916683182 id: id auto_remediable: true status: null remediation_pr_number: 0 project_version_id: project_version_id remediation_confidence: 6.027456183070403 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name remediation_status_reason: remediation_status_reason remediation_updated_at: '2000-01-23T04:56:07.000Z' organization_id: organization_id effective_reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true auto_remediable: true status: ASSESSMENT_STATUS_UNSPECIFIED properties: id: description: Unique identifier type: string organization_id: description: Organization ID type: string project_id: description: Project ID (set for PROJECT or PROJECT_VERSION scope) type: string project_version_id: description: Project version ID (set for PROJECT_VERSION scope) type: string external_id: description: Vulnerability or advisory identifier (e.g. CVE-2024-1234) type: string products: description: PURL globs identifying affected products items: $ref: '#/components/schemas/v1AssessmentProduct' type: array scope: $ref: '#/components/schemas/v1AssessmentScope' status: $ref: '#/components/schemas/v1AssessmentStatus' justification_code: $ref: '#/components/schemas/v1AssessmentJustificationCode' note: description: Free-text note type: string created_by: $ref: '#/components/schemas/v1AssessmentCreator' created_at: description: Creation timestamp format: date-time type: string updated_at: description: Last update timestamp format: date-time type: string remediation_status: description: 'Remediation outcome: SUCCESS, CANNOT_REMEDIATE, or ALREADY_FIXED' type: string remediation_status_reason: description: >- Explanation when remediation cannot be performed or when the project was already at a fixed version type: string remediation_pr_url: description: GitHub PR URL created by auto-remediation type: string remediation_pr_number: description: GitHub PR number created by auto-remediation format: int32 type: integer remediation_branch_name: description: Git branch name created by auto-remediation type: string remediation_updated_at: description: >- Timestamp of the last completed remediation attempt (success or cannot-remediate) format: date-time type: string remediation_confidence: description: Agent-reported certainty (0.0-1.0) in the remediation outcome format: double type: number effective_reviewer: $ref: '#/components/schemas/v1User' effective_reviewed_at: description: When the current effective revision was last reviewed format: date-time type: string pending_revision: $ref: '#/components/schemas/v1AssessmentRevision' severity: $ref: '#/components/schemas/v1FindingSeverity' cvss_vector: description: Representative CVSS vector string from the underlying vulnerability. type: string auto_remediable: description: >- AI-authored verdict on whether a mechanical fix is plausible. Unset unless the effective revision is AI-authored. type: boolean title: AssessmentItem type: object protobufAny: additionalProperties: type: object example: '@type': '@type' properties: '@type': type: string type: object v1AssessmentProduct: example: purl_glob: purl_glob properties: purl_glob: description: Package URL glob pattern type: string title: AssessmentProduct represents a PURL glob entry in the products field type: object v1AssessmentCreator: description: >- AssessmentCreator identifies who or what created an assessment. Exactly one oneof variant is populated (matching the declared type). SYSTEM-minted rows (e.g. auto NOT_AFFECTED on component removal) leave created_by unset on AssessmentItem. example: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name properties: type: $ref: '#/components/schemas/v1AssessmentCreatorType' user: $ref: '#/components/schemas/v1User' api_token: $ref: '#/components/schemas/v1AssessmentCreatorAPIToken' ai_agent: $ref: '#/components/schemas/v1AssessmentCreatorAIAgent' type: object v1User: description: Information about a user in the Chainloop platform. example: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true properties: id: description: Unique identifier of the user. title: The ID of the user type: string email: description: Email address of the user. title: The email of the user type: string intercom_hash: description: Computed hash of the user ID for use with Intercom. title: The computed hash of the user id to be used in intercom type: string created_at: description: Timestamp when the user account was created. format: date-time title: The time the user was created type: string first_name: description: First name of the user. title: The first name of the user type: string last_name: description: Last name of the user. title: The last name of the user type: string instance_admin: description: Whether the user is an instance admin. title: Whether the user is an instance admin type: boolean title: User type: object v1AssessmentRevision: description: >- Immutable snapshot of an assessment at a revision number, with authorship and review audit trails example: justification_code: null note: note approval_status: ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED reviewed_at: '2000-01-23T04:56:07.000Z' created_at: '2000-01-23T04:56:07.000Z' assessment_id: assessment_id project_version_id: project_version_id reviewer: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true confidence_breakdown: schema_version: schema_version scores: key: reason: reason abstained: true value: 5.637376656633329 derived: rollup_active_axes: 7 dominant_low_axis: reason: reason axis: axis value: 9.301444243932576 rollup: 2.3021358869347655 created_by: api_token: id: id type: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED user: intercom_hash: intercom_hash created_at: '2000-01-23T04:56:07.000Z' last_name: last_name id: id first_name: first_name email: email instance_admin: true ai_agent: name: name revision: 1 products: - purl_glob: purl_glob - purl_glob: purl_glob review_note: review_note scope: null confidence_score: 5.962133916683182 id: id auto_remediable: true status: null properties: id: description: Revision UUID type: string assessment_id: description: Parent assessment UUID type: string revision: description: Monotonic revision number (starts at 1) format: int32 type: integer scope: $ref: '#/components/schemas/v1AssessmentScope' project_version_id: description: Project version ID (set for PROJECT_VERSION scope) type: string status: $ref: '#/components/schemas/v1AssessmentStatus' justification_code: $ref: '#/components/schemas/v1AssessmentJustificationCode' note: description: Note recorded on this revision type: string products: description: PURL globs recorded on this revision items: $ref: '#/components/schemas/v1AssessmentProduct' type: array created_by: $ref: '#/components/schemas/v1AssessmentCreator' created_at: description: When this revision was created format: date-time type: string approval_status: $ref: '#/components/schemas/v1AssessmentApprovalStatus' reviewer: $ref: '#/components/schemas/v1User' reviewed_at: description: When the review action was taken format: date-time type: string review_note: description: Reviewer note. Required on reject; optional on approve. type: string auto_remediable: description: >- AI verdict on whether a mechanical fix is plausible. Set only on AI-authored revisions. type: boolean confidence_score: description: Headline confidence (0.0-1.0). Set only for AI-authored revisions. format: double type: number confidence_breakdown: $ref: '#/components/schemas/v1ConfidenceBreakdown' title: AssessmentRevision type: object v1FindingSeverity: default: FINDING_SEVERITY_UNSPECIFIED description: >- FindingSeverity represents the severity level of a finding. Lives in shared_messages.proto so both finding.proto and assessment.proto can use it without creating an import cycle (finding.proto imports assessment.proto for AssessmentStatus, and assessment.proto needs FindingSeverity for the severity field on AssessmentItem). enum: - FINDING_SEVERITY_UNSPECIFIED - FINDING_SEVERITY_CRITICAL - FINDING_SEVERITY_HIGH - FINDING_SEVERITY_MEDIUM - FINDING_SEVERITY_LOW - FINDING_SEVERITY_INFO - FINDING_SEVERITY_UNKNOWN type: string v1AssessmentCreatorType: default: ASSESSMENT_CREATOR_TYPE_UNSPECIFIED description: >- AssessmentCreatorType is an explicit discriminator for AssessmentCreator, provided alongside the oneof so clients can branch without inspecting the oneof case directly (convenient for UI code). enum: - ASSESSMENT_CREATOR_TYPE_UNSPECIFIED - ASSESSMENT_CREATOR_TYPE_USER - ASSESSMENT_CREATOR_TYPE_AI_ASSISTED - ASSESSMENT_CREATOR_TYPE_API_TOKEN type: string v1AssessmentCreatorAPIToken: description: >- AssessmentCreatorAPIToken identifies an API token that created an assessment. example: id: id properties: id: description: API token UUID type: string type: object v1AssessmentCreatorAIAgent: description: >- AssessmentCreatorAIAgent identifies an AI agent that created an assessment. example: name: name properties: name: description: Human-readable agent name type: string type: object v1AssessmentApprovalStatus: default: ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED description: >- AssessmentApprovalStatus represents the approval lifecycle of an individual revision. Transitions are one-shot from PENDING to APPROVED or REJECTED. enum: - ASSESSMENT_APPROVAL_STATUS_UNSPECIFIED - ASSESSMENT_APPROVAL_STATUS_PENDING - ASSESSMENT_APPROVAL_STATUS_APPROVED - ASSESSMENT_APPROVAL_STATUS_REJECTED type: string v1ConfidenceBreakdown: description: Per-axis confidence breakdown plus platform-derived block example: schema_version: schema_version scores: key: reason: reason abstained: true value: 5.637376656633329 derived: rollup_active_axes: 7 dominant_low_axis: reason: reason axis: axis value: 9.301444243932576 rollup: 2.3021358869347655 properties: scores: additionalProperties: $ref: '#/components/schemas/v1ConfidenceAxisScore' description: Per-axis scores keyed by axis identifier type: object derived: $ref: '#/components/schemas/v1ConfidenceDerived' schema_version: description: Agent output schema version that produced this breakdown (e.g. "2"). type: string title: ConfidenceBreakdown type: object v1ConfidenceAxisScore: description: One axis from the agent's self-scored confidence breakdown example: reason: reason abstained: true value: 5.637376656633329 properties: value: description: Axis score in [0.0, 1.0]. Unset when abstained. format: double type: number reason: description: Agent's one-sentence justification for the axis score type: string abstained: description: True when the axis was not evaluable type: boolean title: ConfidenceAxisScore type: object v1ConfidenceDerived: description: Platform-computed rollup and dominant-axis surfacing example: rollup_active_axes: 7 dominant_low_axis: reason: reason axis: axis value: 9.301444243932576 rollup: 2.3021358869347655 properties: rollup: description: Geometric mean over non-abstained axes format: double type: number rollup_active_axes: description: Count of non-abstained axes contributing to the rollup format: int32 type: integer dominant_low_axis: $ref: '#/components/schemas/v1ConfidenceDominantLowAxis' title: ConfidenceDerived type: object v1ConfidenceDominantLowAxis: description: Lowest non-abstained axis driving a low-confidence verdict example: reason: reason axis: axis value: 9.301444243932576 properties: axis: description: Axis identifier type: string value: description: The axis's score format: double type: number reason: description: The agent's reason for the axis score type: string title: ConfidenceDominantLowAxis type: object securitySchemes: bearerToken: description: Bearer token for authentication type: http scheme: bearer bearerFormat: JWT ````