Schema for the rl-checks report format
The Spectra Assure platform supports a special format for analysis reports called `rl-checks`.
This format provides a summary of all checks performed during software package analysis, and it's particularly suitable for workflows involving reproducible builds.
To generate reports in the `rl-checks` format:
- with the `rl-secure` CLI, use the `rl-secure report` command
- with the Spectra Assure Portal APIs, use the "Export analysis report" endpoint
This page describes the full schema of the `rl-checks` report format.
How to read the schema?
The schema contents are displayed as an expandable schema model and described in alphabetical order. Expandable items have an arrow indicator next to their name. Select the arrow to expand the item and view its contents.
The full `rl-checks` report example is displayed below the schema.
You can copy the whole example by selecting "Copy" in the code block.
Desktop browsers: To make the schema easier to read, you can hide the navigation sidebar by selecting the `<<` button at the bottom left of the page.
rl-checks report schema
rl-checks report example
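This example is for illustrative purposes only. It is used to visualize the report structure and does not represent any specific software package. The sample values are placeholders and are not necessarily consistent with one another (for example, the artifact is named `7z1514-x64.msi` while its `format` is `GZIP`), so rely on the example for field names and nesting rather than for expected values.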
{
"duration": "00:00:02.334",
"schema": 3,
"timestamp": "2025-03-11T14:27:04+01:00",
"version": "5.3.0.112",
"report": {
"info": {
"summary": {
"fail_checks": 1,
"pass_checks": 0,
"reproducible": "repro-not-checked",
"scan_label": "L5:FAIL",
"scan_status": "fail"
},
"properties": []
},
"scans": {
"scan-repro": {
"artifact": {
"format": "GZIP",
"hashes": [
[
"md5",
"ff0fd1e7a5df8a22d0c921ebe7b1b793"
],
[
"sha1",
"d63932d669fe6da664b4183d8e1d5a33a9492b9f"
],
[
"sha256",
"4430b43199a020b9a1f3bcfa9c55fcc207aea79ec4731def885e89980b8fe880"
]
],
"name": "7z1514-x64.msi",
"path": "",
"size": 210812,
"subtype": "Archive",
"type": "Binary",
"version": "Generic"
},
"assessments": {
"licenses": {
"count": 2,
"label": "patent license considerations",
"priority": 0,
"status": "fail",
"violations": [
"SQ12408"
],
"final": false,
"evaluations": [
{
"count": 1,
"label": "software distribution restrictions",
"priority": 2,
"status": "warning",
"violations": [
"SQ12405"
]
}
]
},
"malware": {
"count": 6,
"label": "supply chain attack artifacts",
"priority": 0,
"status": "fail",
"violations": [
"SQ30105"
],
"final": true,
"evaluations": [
{
"count": 6,
"label": "analyst-vetted malware found",
"priority": 0,
"status": "fail",
"violations": [
"SQ30109"
]
},
{
"count": 3,
"label": "malicious components found",
"priority": 0,
"status": "fail",
"violations": [
"SQ30107"
]
}
]
},
"hardening": {
"count": 1,
"label": "baseline mitigations missing",
"priority": 1,
"status": "warning",
"violations": [
"SQ14102"
],
"final": false,
"evaluations": [
{
"count": 1,
"label": "modern mitigations missing",
"priority": 3,
"status": "warning",
"violations": [
"SQ14122"
]
}
]
},
"secrets": {
"count": 2,
"label": "active web service credentials",
"priority": 0,
"status": "fail",
"violations": [
"SQ34401",
"SQ34403"
],
"final": false,
"evaluations": [
{
"count": 10,
"label": "plaintext private keys found",
"priority": 0,
"status": "fail",
"violations": [
"SQ34108",
"SQ34109"
]
}
]
},
"tampering": {
"count": 1,
"label": "malware-like behaviors found",
"priority": 0,
"status": "fail",
"violations": [
"TH15104"
],
"final": false,
"evaluations": [
{
"count": 2,
"label": "malicious network references",
"priority": 0,
"status": "fail",
"violations": [
"TH17117"
]
}
]
},
"vulnerabilities": {
"count": 5,
"label": "patch mandated vulnerabilities",
"priority": 0,
"status": "fail",
"violations": [
"SQ31101"
],
"final": false,
"evaluations": [
{
"count": 11,
"label": "critical severity vulnerabilities",
"priority": 0,
"status": "fail",
"violations": [
"SQ31104"
]
}
]
}
},
"checks": [
{
"final": true,
"label": "L5:FAIL",
"reference": "ab0f2461-58a9-49ea-99ee-042487921e43",
"status": "fail",
"type": "artifact-check"
}
],
"final": true,
"inhibitors": {
"customized": false,
"exclusions": {
"SQ31102": 4
},
"next_level": 5,
"scan_level": 3
},
"rl_store": {
"purl": "pkg:type/my-project/my-package@1.0",
"project": "my-project",
"package": "my-package",
"version": 1,
"qualifiers": ""
},
"statistics": {
"bad_checksum": 0,
"bad_format": 0,
"bad_password": 0,
"components": 9,
"extracted": 363,
"licenses": {
"copyleft": 4,
"freemium": 0,
"freeware": 1,
"non-commercial": 0,
"permissive": 7,
"proprietary": 1,
"public_domain": 1,
"shareware": 0,
"undeclared": 0,
"weak_copyleft": 3
},
"quality": {
"issues": {
"pass": 34,
"warning": 0,
"fail": 5,
"high": 8,
"medium": 3,
"low": 0,
"total": 11
},
"metrics": {
"pass": 34,
"warning": 0,
"fail": 5,
"high": 8,
"medium": 3,
"low": 0,
"total": 11
},
"priority": 0,
"status": "pass"
},
"unsupported": 0,
"vulnerabilities": {
"critical": 0,
"exploit": 62,
"fixable": 143,
"high": 4,
"low": 0,
"malware": 0,
"mandate": 0,
"medium": 0,
"named": 0,
"total": 7,
"triaged": 3
}
}
},
"scan-version": {
"artifact": {
"format": "GZIP",
"hashes": [
[
"md5",
"ff0fd1e7a5df8a22d0c921ebe7b1b793"
],
[
"sha1",
"d63932d669fe6da664b4183d8e1d5a33a9492b9f"
],
[
"sha256",
"4430b43199a020b9a1f3bcfa9c55fcc207aea79ec4731def885e89980b8fe880"
]
],
"name": "7z1514-x64.msi",
"path": "",
"size": 210812,
"subtype": "Archive",
"type": "Binary",
"version": "Generic"
},
"assessments": {
"licenses": {
"count": 2,
"label": "patent license considerations",
"priority": 0,
"status": "fail",
"violations": [
"SQ12408"
],
"final": false,
"evaluations": [
{
"count": 1,
"label": "software distribution restrictions",
"priority": 2,
"status": "warning",
"violations": [
"SQ12405"
]
}
]
},
"malware": {
"count": 6,
"label": "supply chain attack artifacts",
"priority": 0,
"status": "fail",
"violations": [
"SQ30105"
],
"final": true,
"evaluations": [
{
"count": 6,
"label": "analyst-vetted malware found",
"priority": 0,
"status": "fail",
"violations": [
"SQ30109"
]
},
{
"count": 3,
"label": "malicious components found",
"priority": 0,
"status": "fail",
"violations": [
"SQ30107"
]
}
]
},
"hardening": {
"count": 1,
"label": "baseline mitigations missing",
"priority": 1,
"status": "warning",
"violations": [
"SQ14102"
],
"final": false,
"evaluations": [
{
"count": 1,
"label": "modern mitigations missing",
"priority": 3,
"status": "warning",
"violations": [
"SQ14122"
]
}
]
},
"secrets": {
"count": 2,
"label": "active web service credentials",
"priority": 0,
"status": "fail",
"violations": [
"SQ34401",
"SQ34403"
],
"final": false,
"evaluations": [
{
"count": 10,
"label": "plaintext private keys found",
"priority": 0,
"status": "fail",
"violations": [
"SQ34108",
"SQ34109"
]
}
]
},
"tampering": {
"count": 1,
"label": "malware-like behaviors found",
"priority": 0,
"status": "fail",
"violations": [
"TH15104"
],
"final": false,
"evaluations": [
{
"count": 2,
"label": "malicious network references",
"priority": 0,
"status": "fail",
"violations": [
"TH17117"
]
}
]
},
"vulnerabilities": {
"count": 5,
"label": "patch mandated vulnerabilities",
"priority": 0,
"status": "fail",
"violations": [
"SQ31101"
],
"final": false,
"evaluations": [
{
"count": 11,
"label": "critical severity vulnerabilities",
"priority": 0,
"status": "fail",
"violations": [
"SQ31104"
]
}
]
}
},
"checks": [
{
"final": true,
"label": "L5:FAIL",
"reference": "ab0f2461-58a9-49ea-99ee-042487921e43",
"status": "fail",
"type": "artifact-check"
}
],
"final": true,
"inhibitors": {
"customized": false,
"exclusions": {
"SQ31102": 4
},
"next_level": 5,
"scan_level": 3
},
"rl_store": {
"purl": "pkg:type/my-project/my-package@1.0",
"project": "my-project",
"package": "my-package",
"version": 1,
"qualifiers": ""
},
"statistics": {
"bad_checksum": 0,
"bad_format": 0,
"bad_password": 0,
"components": 9,
"extracted": 363,
"licenses": {
"copyleft": 4,
"freemium": 0,
"freeware": 1,
"non-commercial": 0,
"permissive": 7,
"proprietary": 1,
"public_domain": 1,
"shareware": 0,
"undeclared": 0,
"weak_copyleft": 3
},
"quality": {
"issues": {
"pass": 34,
"warning": 0,
"fail": 5,
"high": 8,
"medium": 3,
"low": 0,
"total": 11
},
"metrics": {
"pass": 34,
"warning": 0,
"fail": 5,
"high": 8,
"medium": 3,
"low": 0,
"total": 11
},
"priority": 0,
"status": "pass"
},
"unsupported": 0,
"vulnerabilities": {
"critical": 0,
"exploit": 62,
"fixable": 143,
"high": 4,
"low": 0,
"malware": 0,
"mandate": 0,
"medium": 0,
"named": 0,
"total": 7,
"triaged": 3
}
}
}
}
}
}