Schema for the rl-checks report format
The Spectra Assure platform supports a special format for analysis reports called rl-checks.
This format provides a summary of all checks performed during software package analysis, and it's particularly suitable for workflows involving reproducible builds.
To generate reports in the rl-checks format:
- with
rl-secureCLI, use the rl-secure report command - with the Spectra Assure Portal APIs, use the "Export analysis report" endpoint
This page describes the full schema of the rl-checks report format.
How to read the schema?โ
The schema contents are displayed as an expandable schema model and described in alphabetical order. Expandable items have an arrow indicator next to their name. Select the arrow to expand the item and view its contents.
The full rl-checks report example is displayed in the code block.
You can copy the whole example by selecting "Copy" or expand/collapse all example fields in the code block.
Desktop browsers: To make the schema easier to read, you can hide the navigation sidebar by selecting the << button at the bottom left of the page.
| duration required | string Indicates how long it took to complete the analysis. |
| schema required | number Version of the report schema. Version number is incremented to indicate a break of backwards compatibility. |
| timestamp required | string <date-time> Indicates when the software package was last analyzed in ISO-8601 time format. |
| version required | string Version of the analysis engine that was used to scan the software package. |
required | object Summary of checks performed by Spectra Assure during analysis. |
{- "duration": "00:00:02.334",
- "schema": 1,
- "timestamp": "2023-04-06T17:09:44+02:00",
- "version": "5.0.0.1",
- "report": {
- "info": {
- "summary": {
- "fail_checks": 1,
- "pass_checks": 3,
- "reproducible": "repro-check-fail",
- "scan_label": "RB:FAIL",
- "scan_status": "fail"
}, - "properties": [ ]
}, - "scans": {
- "scan-repro": {
- "artifact": {
- "classification": {
- "result": "",
- "status": "Malicious"
}, - "format": "GZIP",
- "hashes": [
- [
- "md5",
- "ff0fd1e7a5df8a22d0c921ebe7b1b793"
], - [
- "sha1",
- "d63932d669fe6da664b4183d8e1d5a33a9492b9f"
], - [
- "sha256",
- "4430b43199a020b9a1f3bcfa9c55fcc207aea79ec4731def885e89980b8fe880"
]
], - "identity": {
- "authors": [ ],
- "community": "general",
- "homepage": "",
- "license": "Copyleft (LGPL)",
- "product": "7-Zip Installer",
- "publisher": "Igor Pavlov",
- "purl": "",
- "verified": true,
- "version": "15.14"
}, - "name": "my_file",
- "path": "",
- "properties": null,
- "quality": {
- "effort": "low",
- "priority": 4,
- "severity": "low",
- "status": "pass"
}, - "sbom": false,
- "size": 210812,
- "subtype": "Archive",
- "type": "Binary",
- "version": "Generic"
}, - "assessments": {
- "licenses": {
- "count": 17,
- "final": true,
- "label": "string",
- "priority": 0,
- "status": "fail",
- "violations": [
- "SQ14102"
]
}, - "malware": {
- "count": 17,
- "final": true,
- "label": "string",
- "priority": 0,
- "status": "fail",
- "violations": [
- "SQ14102"
]
}, - "hardening": {
- "count": 17,
- "final": true,
- "label": "string",
- "priority": 0,
- "status": "fail",
- "violations": [
- "SQ14102"
]
}, - "secrets": {
- "count": 17,
- "final": true,
- "label": "string",
- "priority": 0,
- "status": "fail",
- "violations": [
- "SQ14102"
]
}, - "tampering": {
- "count": 17,
- "final": true,
- "label": "string",
- "priority": 0,
- "status": "fail",
- "violations": [
- "SQ14102"
]
}, - "vulnerabilities": {
- "count": 17,
- "final": true,
- "label": "string",
- "priority": 0,
- "status": "fail",
- "violations": [
- "SQ14102"
]
}
}, - "checks": [
- {
- "final": true,
- "label": "L5:FAIL",
- "reference": "ab0f2461-58a9-49ea-99ee-042487921e43",
- "status": "fail",
- "type": "artifact-check"
}
], - "final": true,
- "inhibitors": {
- "customized": false,
- "exclusions": {
- "SQ31102": 4
}, - "next_level": 5,
- "scan_level": 3
}, - "statistics": {
- "bad_checksum": 0,
- "bad_format": 0,
- "bad_password": 0,
- "components": 9,
- "extracted": 363,
- "licenses": {
- "copyleft": 4,
- "freemium": 0,
- "freeware": 1,
- "non-commercial": 0,
- "permissive": 7,
- "proprietary": 1,
- "public_domain": 1,
- "shareware": 0,
- "undeclared": 0,
- "weak_copyleft": 3
}, - "quality": {
- "issues": {
- "pass": 34,
- "warning": 0,
- "fail": 5,
- "high": 8,
- "medium": 3,
- "low": 0,
- "total": 11
}, - "metrics": {
- "pass": 34,
- "warning": 0,
- "fail": 5,
- "high": 8,
- "medium": 3,
- "low": 0,
- "total": 11
}, - "priority": 0,
- "status": "fail"
}, - "unsupported": 0,
- "vulnerabilities": {
- "critical": 0,
- "exploit": 62,
- "fixable": 143,
- "high": 4,
- "low": 0,
- "malware": 0,
- "mandate": 0,
- "medium": 0,
- "named": 0,
- "total": 7,
- "triaged": 3
}
}
}, - "scan-version": {
- "artifact": {
- "classification": {
- "result": "",
- "status": "Malicious"
}, - "format": "GZIP",
- "hashes": [
- [
- "md5",
- "ff0fd1e7a5df8a22d0c921ebe7b1b793"
], - [
- "sha1",
- "d63932d669fe6da664b4183d8e1d5a33a9492b9f"
], - [
- "sha256",
- "4430b43199a020b9a1f3bcfa9c55fcc207aea79ec4731def885e89980b8fe880"
]
], - "identity": {
- "authors": [ ],
- "community": "general",
- "homepage": "",
- "license": "Copyleft (LGPL)",
- "product": "7-Zip Installer",
- "publisher": "Igor Pavlov",
- "purl": "",
- "verified": true,
- "version": "15.14"
}, - "name": "my_file",
- "path": "",
- "properties": null,
- "quality": {
- "effort": "low",
- "priority": 4,
- "severity": "low",
- "status": "pass"
}, - "sbom": false,
- "size": 210812,
- "subtype": "Archive",
- "type": "Binary",
- "version": "Generic"
}, - "assessments": {
- "licenses": {
- "count": 17,
- "final": true,
- "label": "string",
- "priority": 0,
- "status": "fail",
- "violations": [
- "SQ14102"
]
}, - "malware": {
- "count": 17,
- "final": true,
- "label": "string",
- "priority": 0,
- "status": "fail",
- "violations": [
- "SQ14102"
]
}, - "hardening": {
- "count": 17,
- "final": true,
- "label": "string",
- "priority": 0,
- "status": "fail",
- "violations": [
- "SQ14102"
]
}, - "secrets": {
- "count": 17,
- "final": true,
- "label": "string",
- "priority": 0,
- "status": "fail",
- "violations": [
- "SQ14102"
]
}, - "tampering": {
- "count": 17,
- "final": true,
- "label": "string",
- "priority": 0,
- "status": "fail",
- "violations": [
- "SQ14102"
]
}, - "vulnerabilities": {
- "count": 17,
- "final": true,
- "label": "string",
- "priority": 0,
- "status": "fail",
- "violations": [
- "SQ14102"
]
}
}, - "checks": [
- {
- "final": true,
- "label": "L5:FAIL",
- "reference": "ab0f2461-58a9-49ea-99ee-042487921e43",
- "status": "fail",
- "type": "artifact-check"
}
], - "final": true,
- "inhibitors": {
- "customized": false,
- "exclusions": {
- "SQ31102": 4
}, - "next_level": 5,
- "scan_level": 3
}, - "statistics": {
- "bad_checksum": 0,
- "bad_format": 0,
- "bad_password": 0,
- "components": 9,
- "extracted": 363,
- "licenses": {
- "copyleft": 4,
- "freemium": 0,
- "freeware": 1,
- "non-commercial": 0,
- "permissive": 7,
- "proprietary": 1,
- "public_domain": 1,
- "shareware": 0,
- "undeclared": 0,
- "weak_copyleft": 3
}, - "quality": {
- "issues": {
- "pass": 34,
- "warning": 0,
- "fail": 5,
- "high": 8,
- "medium": 3,
- "low": 0,
- "total": 11
}, - "metrics": {
- "pass": 34,
- "warning": 0,
- "fail": 5,
- "high": 8,
- "medium": 3,
- "low": 0,
- "total": 11
}, - "priority": 0,
- "status": "fail"
}, - "unsupported": 0,
- "vulnerabilities": {
- "critical": 0,
- "exploit": 62,
- "fixable": 143,
- "high": 4,
- "low": 0,
- "malware": 0,
- "mandate": 0,
- "medium": 0,
- "named": 0,
- "total": 7,
- "triaged": 3
}
}
}
}
}
}