{ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", "version": "2.1.0", "runs": [ { "tool": { "driver": { "name": "REACHABLE", "version": "1.0.0b136", "semanticVersion": "1.0.0b136", "informationUri": "https://reachable.dev", "rules": [], "properties": { "reachabilityAnalysis": true, "callGraphTracing": true, "multiSignalCorrelation": true, "findingTypes": [ "CVE", "SECRET", "CWE", "MALWARE", "SUSPICIOUS", "AI", "DLP" ] } } }, "invocations": [ { "executionSuccessful": true, "startTimeUtc": "2026-07-09T21:34:08Z", "endTimeUtc": "2026-07-09T21:34:08Z" } ], "results": [], "properties": { "reportingScope": "code-scanning", "totalActionable": 0, "totalProductionPosture": 0, "totalEvidenceFindings": 0, "byType": {}, "byReachability": {}, "byProdStatus": {}, "riskLevel": "NONE", "languages": [ "config", "go", "python" ], "reachabilityNote": "This report contains production actionable EXPLOITABLE, REACHABLE, UNKNOWN, and DEFENDED findings. NON_PROD and NOT_REACHABLE findings are omitted." }, "versionControlProvenance": [ { "repositoryUri": "https://gitlab.com/sthenos-security-public/reach-testbed-gitlab-catalog", "branch": "reachable-remediate-2665924351", "revisionId": "bb600c87301c2453ca2cf2bc3fdbaf317fecb86c" } ] } ] }