Schema for the rl-protect report format
The Spectra Assure platform supports a special format for analysis reports called rl-protect.
This format uses a JSON structure to capture the complete scan results for dependencies identified in package manifest files.
To generate reports in the rl-protect format, use the rl-protect tool.
This is done with the rl-protect scan command followed by the --(save-)report parameter.
This page describes the full schema of the rl-protect report format.
How to read the schema?โ
The schema contents are displayed as a schema model and described in alphabetical order.
The full rl-protect report example is displayed below the schema.
Desktop browsers: To make the schema easier to read, you can hide the navigation sidebar by selecting the << button at the bottom left of the page.
rl-protect report schemaโ
rl-protect report exampleโ
This example is for illustrative purposes only. It is used to visualize the report structure and does not represent any specific software package.
rl-protect report example
{
"analysis": {
"schema": 1,
"profile": {
"name": "Open Source [minimum]",
"info": "Spectra Assure analysis configuration that offers protection against malware, tampering, and actively exploited vulnerabilities.",
"timestamp": "2026-01-01T12:00:00+0000",
"file": "rl-oss-minimum.json"
},
"timestamp": "2025-08-19T12:44:58+0000",
"duration": "00:00:03.473",
"catalogue": 5,
"report": {
"packages": [
{
"purl": "pkg:npm/ua-parser-js@0.7.29",
"license": "Permissive (MIT)",
"homepage": "https://uaparser.dev",
"repository": "https://github.com/faisalman/ua-parser-js",
"published": "2025-08-19T12:44:58+0000",
"downloads": 2799619419,
"popularity": 10000,
"quarantined": null,
"removed": false,
"artifact": {
"name": "ua-parser-js-2.0.6.tgz",
"size": 761653,
"hashes": [
[
"sha256",
"80e9a397505aec1a0d62fffc7d14a04f3226d2b5c01ac0bc13c68a9b2284b6da"
],
[
"sha1",
"1dd221f7f2a27357c6a342296852f6391d77d4f0"
]
]
},
"deprecated": null,
"dependents": 3114,
"dependencies": [
"pkg:npm/detect-europe-js@0.1.2",
"pkg:npm/is-standalone-pwa@0.1.1",
"pkg:npm/ua-is-frozen@0.1.2"
],
"analysis": {
"report": "https://secure.software/npm/packages/ua-parser-js/0.7.29",
"recommendation": "REJECT",
"assessment": {
"licenses": {
"status": "pass",
"label": "No license compliance issues",
"count": 0,
"override": null
},
"secrets": {
"status": "fail",
"label": "1 web service credentials found",
"count": 1
},
"hardening": {
"status": "warning",
"label": "3 modern mitigations missing",
"count": 3,
"override": null
},
"vulnerabilities": {
"status": "fail",
"label": "1 severe vulnerabilities exploited",
"count": 1,
"override": {
"to_status": "pass",
"audit": {
"author": "Spectra Assure",
"timestamp": "2023-01-30T11:35:24+0000",
"reason": "Override reason"
}
}
},
"tampering": {
"status": "pass",
"label": "No evidence of software tampering",
"count": 0,
"override": null
},
"malware": {
"status": "pass",
"label": "No evidence of malware inclusion",
"count": 0,
"override": null
}
},
"vulnerabilities": {
"CVE-2022-25927": {
"name": "",
"summary": "ua-parser-js is vulnerable to Regular Expression Denial of Service (ReDoS) via the trim function.",
"cvss": {
"version": 3,
"baseScore": 7.5
},
"exploit": [
"EXISTS",
"FIXABLE"
]
}
},
"indicators": {
"BH15341": {
"description": "Contains unusually long strings.",
"occurrences": 2
}
},
"classifications": [
{
"object": "file",
"status": "Malicious",
"result": "Script-JS.Downloader.SupplyChain",
"hashes": [
[
"sha1",
"69834f154ea070abccb8b08a10fd2da0bcc83543"
],
[
"sha256",
"21e68b048024ba0cc5a2a94ecbc3a78c626ec7d5d705829a82ea4715131d0509"
]
]
}
],
"policy": {
"violations": {
"SQ30109": {
"status": "fail",
"description": "Detected presence of malicious files through analyst-vetted file reputation.",
"violations": 6,
"override": {
"to_status": "warning",
"audit": {
"author": "Spectra Assure",
"timestamp": "2023-01-30T11:35:24+0000",
"reason": "Override reason"
}
}
}
},
"governance": [
{
"status": "blocked",
"author": "Spectra Assure",
"timestamp": "2023-01-30T11:35:24+0000",
"reason": "User is prohibited from using this package internally"
},
{
"status": "blocked",
"author": "Spectra Assure",
"timestamp": "2023-01-30T11:35:24+0000",
"reason": "Package published 1 day(s) ago"
},
{
"status": "allowed",
"author": "Spectra Assure",
"timestamp": "2023-01-30T11:35:24+0000",
"reason": "Suppressing detection false positives"
}
]
}
}
}
],
"errors": [
{
"purl": "pkg:npm/package-does-not-exist",
"error": {
"code": 404,
"info": "Package not found for pkg:npm/package-does-not-exist"
}
}
]
}
}
}