Schema for the rl-json report format
The Spectra Assure platform supports a special format for analysis reports called rl-json.
This format is intended for use in integration workflows and with various tools that can parse and transform JSON data.
To generate reports in the rl-json format:
- with
rl-secureCLI, use the rl-secure report command - with the Spectra Assure Portal APIs, use the "Export analysis report" endpoint
This page describes the full schema of the rl-json report format.
How to read the schema?โ
The schema contents are described on the left in alphabetical order. Expandable items in the schema have an arrow indicator next to their name. Click the arrow to expand the item and view its contents.
The full rl-json report example is displayed on the right.
You can copy the whole example by selecting "Copy" or expand/collapse all example fields on the right.
To make the schema easier to read, you can hide the navigation sidebar by selecting the << button at the bottom left of the page.
| duration required | string Indicates how long it took to complete the analysis step. |
required | object Summary of the ReversingLabs Spectra Assure analysis report. |
| schema required | number Value: 3 Version of this schema (the |
| timestamp required | string <date-time> Indicates when the software package was last analyzed in ISO-8601 time format. |
| version required | string Version of the analysis engine that was used to inspect the software package. |
{- "duration": "00:00:02.334",
- "report": {
- "info": {
- "detections": {
- "Goodware": {
- "No Threats Detected": 363
}, - "Malicious": {
- "Downloader": 5,
- "Trojan": 2
}, - "Suspicious": {
- "Malware": 7
}, - "Unknown": {
- "No Threats Detected": 1098
}
}, - "disabled": [
- "SQ14120",
- "SQ14126",
- "SQ14129",
- "SQ14130"
], - "file": {
- "classification": {
- "result": "",
- "status": "Malicious"
}, - "format": "MSI",
- "hashes": [
- [
- "md5",
- "ff0fd1e7a5df8a22d0c921ebe7b1b793"
], - [
- "sha1",
- "d63932d669fe6da664b4183d8e1d5a33a9492b9f"
], - [
- "sha256",
- "4430b43199a020b9a1f3bcfa9c55fcc207aea79ec4731def885e89980b8fe880"
]
], - "identity": {
- "authors": [ ],
- "community": "general",
- "homepage": "",
- "license": "Copyleft (LGPL)",
- "product": "7-Zip Installer",
- "publisher": "Igor Pavlov",
- "purl": "",
- "verified": true,
- "version": "15.14",
- "dependencies": [
- "5d0e7ec6-9300-47a3-8680-b248ac356b48",
- "5eac12cc-c55b-4661-900d-9f232fbcc11a",
- "682d537a-23f9-4084-bcaa-7959fb8faec0",
- "916c31a3-3334-4c4f-9733-9761459e1be9"
], - "vulnerabilities": {
- "active": [
- "CVE-2016-7804"
], - "triaged": [
- ""
]
}
}, - "name": "7z1514-x64.msi",
- "path": "",
- "quality": {
- "effort": "high",
- "priority": 0,
- "severity": "high",
- "status": "pass"
}, - "sbom": true,
- "size": 1655808,
- "subtype": "Archive",
- "type": "Binary",
- "version": "Generic"
}, - "inhibitors": {
- "customized": false,
- "exclusions": {
- "SQ31102": 4
}, - "next_level": 5,
- "scan_level": 3
}, - "properties": [ ],
- "statistics": {
- "components": 9,
- "extracted": 363,
- "quality": {
- "issues": {
- "pass": 34,
- "warning": 0,
- "fail": 5,
- "high": 8,
- "medium": 3,
- "low": 0,
- "total": 11
}, - "metrics": {
- "pass": 34,
- "warning": 0,
- "fail": 5,
- "high": 8,
- "medium": 3,
- "low": 0,
- "total": 11
}, - "priority": 0,
- "status": "fail"
}, - "vulnerabilities": {
- "critical": 0,
- "exploit": 62,
- "fixable": 143,
- "high": 4,
- "low": 0,
- "malware": 0,
- "mandate": 0,
- "medium": 0,
- "named": 0,
- "total": 7,
- "triaged": 3
}
}, - "warnings": [ ]
}, - "metadata": {
- "assessments": {
- "licenses": {
- "count": 5,
- "enabled": true,
- "final": false,
- "label": "copy-left licensed components",
- "status": "warning",
- "violations": [
- "SQ12101"
]
}, - "malware": {
- "count": 0,
- "enabled": true,
- "final": false,
- "label": "No evidence of malware inclusion",
- "status": "pass",
- "violations": [ ]
}, - "hardening": {
- "count": 13,
- "enabled": true,
- "final": true,
- "label": "baseline mitigations missing",
- "status": "warning",
- "violations": [
- "SQ14102"
]
}, - "secrets": {
- "count": 0,
- "enabled": true,
- "final": false,
- "label": "No sensitive information found",
- "status": "pass",
- "violations": [
- "SQ14108",
- "SQ14109"
]
}, - "tampering": {
- "count": 0,
- "enabled": true,
- "final": false,
- "label": "No evidence of software tampering",
- "status": "pass",
- "violations": [
- "SQ20104"
]
}, - "vulnerabilities": {
- "count": 5,
- "enabled": true,
- "final": false,
- "label": "actively exploited vulnerabilities",
- "status": "warning",
- "violations": [
- "SQ31103"
]
}
}, - "components": {
- "component-id": {
- "classification": {
- "result": "",
- "status": "Malicious"
}, - "format": "MSI",
- "hashes": [
- [
- "md5",
- "ff0fd1e7a5df8a22d0c921ebe7b1b793"
], - [
- "sha1",
- "d63932d669fe6da664b4183d8e1d5a33a9492b9f"
], - [
- "sha256",
- "4430b43199a020b9a1f3bcfa9c55fcc207aea79ec4731def885e89980b8fe880"
]
], - "identity": {
- "authors": [ ],
- "community": "general",
- "homepage": "",
- "license": "Copyleft (LGPL)",
- "product": "7-Zip Installer",
- "publisher": "Igor Pavlov",
- "purl": "",
- "verified": true,
- "version": "15.14",
- "dependencies": [
- "5d0e7ec6-9300-47a3-8680-b248ac356b48",
- "5eac12cc-c55b-4661-900d-9f232fbcc11a",
- "682d537a-23f9-4084-bcaa-7959fb8faec0",
- "916c31a3-3334-4c4f-9733-9761459e1be9"
], - "vulnerabilities": {
- "active": [
- "CVE-2016-7804"
], - "triaged": [
- ""
]
}
}, - "name": "7z1514-x64.msi",
- "path": "",
- "quality": {
- "effort": "high",
- "priority": 0,
- "severity": "high",
- "status": "pass"
}, - "sbom": true,
- "size": 1655808,
- "subtype": "Archive",
- "type": "Binary",
- "version": "Generic"
}
}, - "dependencies": {
- "1953d3ea-2044-40f0-a0e3-d7ff40bbe48f": {
- "authors": [ ],
- "community": "general",
- "homepage": "",
- "license": "Proprietary (Microsoft Windows Operating System License)",
- "product": "ole32",
- "publisher": "Microsoft Corporation",
- "purl": "",
- "repository": "",
- "verified": true,
- "version": "Generic",
- "vulnerabilities": [ ]
}
}, - "indicators": {
- "dcfb9180-d992-450a-8ec3-1a9dd66f77a1": {
- "category": "permissions",
- "description": "Tampers with user/account privileges.",
- "exclusions": 0,
- "occurrences": 3,
- "priority": 5,
- "rule_id": "BH12760",
- "violations": 0
}
}, - "secrets": {
- "secrets": {
- "2b156bcc-d456-4ea5-b365-175c094db316": {
- "evidence": {
- "audit": "null,",
- "canary": "false,",
- "endpoints": [
- {
- "error": "",
- "label": "Google Cloud",
- "liveness": "active",
}
], - "file_offset": "96,",
- "line_number": "3,",
- "liveness": "active,",
- "references": {
- "component": [
- "8aa60d85-4b7f-405a-8206-79aa4f0bcef1"
]
}, - "rule_id": "SQ34402,",
- "secret": "rl-sha256:2eb9cab1fb188d8d8677ff084387d6c85e7874b249595c747b4870789df07d1b,"
}, - "exposed": "true,",
- "service": "Google Cloud API Key,",
- "timestamp": ""
}
}
}, - "violations": {
- "UUID": {
- "audit": {
- "author": "Spectra Assure",
- "reason": "Relaxed policy level rules",
- "timestamp": "2021-12-01T03:56:12+0000"
}, - "category": "hardening",
- "description": "Detected Windows executable files that do not implement CFG vulnerability mitigation protection.",
- "effort": "low",
- "enabled": true,
- "priority": 3,
- "references": {
- "component": [
- "0564f115-be31-4b10-a042-148669575d3c",
- "1c5edd26-eeb3-47ee-ba23-e247fb393127",
- "30cef51f-2ddc-40bf-8749-db17ca178e08",
- "3e116fd6-c347-4b62-b731-1a15b80cb969"
]
}, - "rule_id": "SQ14122",
- "severity": "medium",
- "statistics": {
- "applicable": 8,
- "enforcements": 0,
- "exclusions": 0,
- "violations": 8
}, - "status": "pass"
}
}, - "vulnerabilities": {
- "CVE-2016-2335": {
- "cvss": {
- "baseScore": "8.8",
- "metrics": [
- "Attack Vector",
- "Network"
], - "version": 3
}, - "exploit": [
- "EXISTS"
], - "name": "",
- "sources": [
- "NVD",
- "OSV",
- "KEV"
]
}
}
}
}, - "schema": 3,
- "timestamp": "2023-04-06T17:09:44+02:00",
- "version": "5.0.0.1"
}