# GLOSI API Documentation


*© 2026 Lineaje, Inc. All rights reserved. Proprietary and Confidential*

## Introduction

This reference describes the GLOSI REST API and Lineaje Query Language (LQL), enabling you to query component, vulnerability, and supply chain data programmatically.

GLOSI data is accessible via a REST endpoint. Lineaje exposes LQL on this endpoint to simplify queries and support advanced analytical use cases. LQL is a flexible query language designed to search and analyze GLOSI data. It provides an intuitive syntax for filtering, aggregating, and visualizing data related to components and vulnerabilities.

### Deployment Models

GLOSI supports two deployment models:

* **Local deployment** — GLOSI is deployed within the customer's own infrastructure. The API endpoint is local to the customer environment.
* **Cloud API** — Lineaje hosts the GLOSI endpoint. No local deployment is required.

## API Endpoint

### Endpoint URLs

Use the endpoint that matches your deployment model:

| Deployment Model     | Endpoint URL                                                                       |
| -------------------- | ---------------------------------------------------------------------------------- |
| **Local deployment** | `http://<GLOSI-service-endpoint>:8000/api/v2/lql/components`                        |
| **Lineaje Cloud**    | `https://data-service-v2-apigw.commercialdev.dev.veedna.com/api/v2/lql/components` |

### Request

**Method:** POST

#### Request Headers

| Header       | Required | Description                                                                   |
| ------------ | -------- | ----------------------------------------------------------------------------- |
| accept       | No       | Accepted response media types. Recommended: application/json, text/plain, \*/\* |
| content-type | Yes      | Must be application/json                                                      |
| company-id   | Yes      | Your Lineaje company identifier (for example: vdna\_994mgmr65tculnfy)         |
| product-id   | No       | Product identifier. Use 1 for the default product scope.                      |

#### Request Body Parameters

| Parameter          | Type    | Required | Description                                                                                                                                |
| ------------------ | ------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
| lql                | string  | Yes      | The LQL query string. See LQL Syntax for the full grammar.                                                                                 |
| limit              | integer | No       | Maximum number of results to return per page. Default: 10.                                                                                 |
| page\_no           | integer | No       | Page number for paginated results. Default: 1.                                                                                             |
| is\_opensource     | boolean | No       | When true, restricts results to open-source packages only.                                                                                 |
| include\_raw\_data | boolean | No       | When false, the raw document array in the response is empty. Use false with chart table() to return only function results. Default: false. |

Example request:

```bash
curl -X POST http://<GLOSI-service-endpoint>:8000/api/v2/lql/components \
  -H "accept: application/json, text/plain, */*" \
  -H "content-type: application/json" \
  -H "company-id: <company_id>" \
  -H "product-id: 1" \
  -d '{ "lql": "your LQL query here", "limit": 10, "page_no": 1, "is_opensource": true, "include_raw_data": false }'
```

### Response

#### Pagination Fields

Every response includes these top-level pagination fields:

| Field         | Description                                 |
| ------------- | ------------------------------------------- |
| total\_hits   | Total number of records matching the query. |
| total\_docs   | Number of records returned on this page.    |
| current\_page | The current page number.                    |
| total\_pages  | Total number of available pages.            |

#### Result Fields

Result data appears under keys named after the query components:

| Key               | Description                                                                                                                     |
| ----------------- | ------------------------------------------------------------------------------------------------------------------------------- |
| "\<search\_term>" | Array of raw matching documents. Empty when include\_raw\_data is false.                                                        |
| "function: \<function>" | Array of rows produced by the function (for example: chart table()). Present only when a function is included in the LQL query. |
| all\_columns      | All field names available in the result set (returned with chart table()).                                                      |
| default\_columns  | The fields requested in the chart table() call.                                                                                 |

## LQL Syntax

An LQL query consists of up to four components, evaluated left to right and separated by the pipe character (|):

`search_term | function parameters | command(parameters) | clause parameters`

Each query must contain:

* Exactly one search term
* Zero or more functions
* Zero or more commands
* Zero or more clauses

### Search Terms

Search terms are the foundation of any LQL query. They act like a database WHERE clause, defining which records to include. When submitted without any other component, LQL returns the raw matching documents.

Search terms support exact matching, wildcards, ranges, and logical operators:

```
package.name=log4j # Exact match
vulnerability.severity=critical # Field equals a specific value
project.created>=2025-06-21 # Greater than or equal comparison
vulnerability.name=CVE-2021-* # Wildcard matching
field1=value1 $OR field2=value2 # Logical OR across fields
```

### Functions

Use functions to perform calculations or transformations on your data, producing aggregate results rather than individual records. Functions are useful for data analysis and visualization:

```
stats count(package.name) # Count total package names
stats unique_count(package.name) # Count distinct package names
stats avg(irl.irl_score) # Calculate average IRL score
chart table(field1, field2) # Format results as a table
```

### Commands

Commands modify how search results are processed or presented. They transform the result set without changing which records are included. Apply commands using the pipe (|) symbol:

```
sort(field:asc) # Sort results ascending
collapse(field) # Group by field; return the top document per group
collapse_latest(field) # Group by field; return the latest document per group
boost(field1:3.0) # Increase relevance score for matches in a field
```

Commands are processed left to right, each operating on the output of the previous one.

### Clauses

Clauses extend function capabilities by specifying how results are grouped or filtered. The most common clause is by, which groups function results:

```
stats unique_count(project.name) by vulnerability.severity
chart table(field1, field2) by group_field
```

Clauses support nested aggregations for hierarchical grouping:

```
stats count(project.name) by (package.name, project.organisation)
```

### Evaluation Order

LQL queries are evaluated strictly from left to right. Think of each component as building on the previous one:

{% stepper %}
{% step %}

### The first search term

The first search term creates the initial result set.
{% endstep %}

{% step %}

### Additional terms

Each additional term narrows the results ($AND) or expands them ($OR).
{% endstep %}

{% step %}

### Functions, commands, and clauses

Functions, commands, and clauses then transform that result set in sequence.
{% endstep %}
{% endstepper %}

Logical operators work at two levels:

* Between different fields: connect complete search conditions (for example, field1=value $AND field2=value).
* Within the same field: connect multiple values for one field (for example, field=value1 $OR value2).

Example showing operator precedence:

```
package.gos_type=gold $OR premium $AND package.name=abc $AND def
# Reads as:
# packages where (gos_type = gold OR premium)
# AND (name contains both abc AND def)

### Querying by Data Type

Start your search term with the appropriate prefix for the data type you want to query:

| Data type             | Prefix and example                                         |
| --------------------- | ---------------------------------------------------------- |
| Packages / components | package.\<field>=\<value>, example: package.name=log4j\*                    |
| Vulnerabilities       | vulnerability.\<field>=\<value>, example: vulnerability.name=CVE-1234\*     |
| Code quality issues   | code\_quality.\<field>=\<value>, example: code\_quality.name=EOL            |
| Security posture      | security\_posture.\<field>=\<value>, example: security\_posture.severity=\* |
| Commits               | commits.\<field>=\<value>, example: commits.country\_code=\*                |
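Because the pipe and the `$AND`/`$OR` operators are part of the query text itself, a value taken from a ticket, form, or CI variable can change the shape of a query if it is concatenated into the `lql` string unchecked. The following added example (not Lineaje code) builds search terms from untrusted input and refuses values that contain LQL structure. It assumes that LQL has no escaping mechanism, since none is described here, and all function names are hypothetical.

```python
import re

# Comparison operators from the search-term syntax described above.
OPERATORS = {"=", "!=", ">", ">=", "<", "<="}
# Dotted field path such as package.name or package.supplier_info.is_verified.
FIELD_RE = re.compile(r"[a-z_]+(\.[a-z0-9_]+)+")
# Assumption: no escaping is documented, so values that could be read as LQL
# structure (pipe, $-operators, parentheses, control characters) are refused.
FORBIDDEN_VALUE_RE = re.compile(r"[|$()\x00-\x1f\x7f]")


class LqlValueError(ValueError):
    """Raised when an input cannot be embedded in an LQL string safely."""


def check_field(field):
    """Accept only dotted lower-case field names."""
    if not FIELD_RE.fullmatch(field):
        raise LqlValueError(f"not a dotted field name: {field!r}")
    return field


def term(field, op, value, allow_wildcard=False):
    """Return one 'field<op>value' search condition from untrusted input."""
    check_field(field)
    if op not in OPERATORS:
        raise LqlValueError(f"unsupported operator: {op!r}")
    value = str(value).strip()
    if not value:
        raise LqlValueError("empty value")
    if FORBIDDEN_VALUE_RE.search(value):
        raise LqlValueError(f"value contains LQL syntax: {value!r}")
    if "*" in value and not allow_wildcard:
        raise LqlValueError(f"wildcard not allowed here: {value!r}")
    return f"{field}{op}{value}"


def build_query(terms, table_fields=None, sort_by=None):
    """Join conditions with $AND, then append chart table() and sort()."""
    if not terms:
        raise LqlValueError("a query needs a search term")
    parts = [" $AND ".join(terms)]
    if table_fields:
        cols = ", ".join(check_field(f) for f in table_fields)
        parts.append(f"chart table({cols})")
    if sort_by:
        field, direction = sort_by
        if direction not in ("asc", "desc"):
            raise LqlValueError(f"bad sort direction: {direction!r}")
        parts.append(f"sort({check_field(field)}:{direction})")
    return " | ".join(parts)


if __name__ == "__main__":
    print(build_query(
        [term("package.name", "=", "log4j*", allow_wildcard=True),
         term("vulnerability.severity", "=", "critical")],
        table_fields=["vulnerability.name", "package.name"],
        sort_by=("package.name", "asc"),
    ))
    # Constructed hostile input: tries to widen the search with $OR.
    try:
        term("package.name", "=", "log4j $OR package.name=*")
    except LqlValueError as exc:
        print("rejected:", exc)
```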

## Search Examples — Raw Data

The following examples use a search term only. The response contains all document fields. Set include\_raw\_data to true (or omit include\_raw\_data) to receive full document bodies.

### Search for a Package by Name

Returns all log4j packages with their full field set.

```bash
curl -X POST http://<GLOSI-service-endpoint>:8000/api/v2/lql/components \
  -H "content-type: application/json" \
  -H "company-id: vdna_994mgmr65tculnfy" \
  -d '{"lql": "package.name=log4j*", "limit": 1}'
```

Response (abbreviated):

```json
{
  "package.name=log4j*": [
    {
      "package": {
        "id": "SPDX-PACKAGE-73c8c5b8-ecd9-5f9d-ad77-ed65811ed455",
        "name": "log4j:log4j:1.2.17",
        "version": "1.2.17",
        "file_name": "log4j:log4j:1.2.17.jar",
        "friendly_name": "log4j:1.2.17",
        "pkg_manager": "maven",
        "last_modified": "2012-05-26T09:43:00.000Z",
        "purl": "pkg:maven/log4j/log4j@1.2.17",
        "supplier": "The Apache Software Foundation",
        "supplier_info": {
          "name": "The Apache Software Foundation",
          "is_verified": true
        },
        "total_vulnerability_count": 5,
        "total_fixed_vulnerability_count": 0
      }
    }
  ],
  "total_hits": 14126,
  "total_docs": 1,
  "current_page": 1,
  "total_pages": 14126
}
```

### Search for a Specific Vulnerability

Returns all packages affected by CVE-2021-23406.

```bash
curl -X POST http://<GLOSI-service-endpoint>:8000/api/v2/lql/components \
  -H "content-type: application/json" \
  -H "company-id: vdna_994mgmr65tculnfy" \
  -d '{"lql": "vulnerability.name=CVE-2021-23406", "limit": 1}'
```

Response (abbreviated):

```json
{
  "vulnerability.name=CVE-2021-23406": [
    {
      "package": {
        "name": "npm:pac-resolver:4.2.0",
        "version": "4.2.0"
      },
      "vulnerability": [
        {
          "name": "CVE-2021-23406",
          "severity": "High",
          "base_score": 9.8,
          "fix_state": "fixed",
          "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "is_exploited": false
        }
      ]
    }
  ]
}
```

## Search Examples — Specific Fields

Use the chart table() function to specify exactly which fields to return. When include\_raw\_data is false, the raw document array is empty and results appear under the "function: chart table(...)" key.

### All Versions of log4j

```bash
curl -X POST http://<GLOSI-service-endpoint>:8000/api/v2/lql/components \
  -H "accept: application/json, text/plain, */*" \
  -H "content-type: application/json" \
  -H "company-id: <company_id>" \
  -H "product-id: 1" \
  -d '{ "lql": "package.name=log4j* | chart table(package.id, package.name, package.version)", "page_no": 1, "limit": 3, "is_opensource": true, "include_raw_data": false }'
```

Response:

```json
{
  "package.name=log4j*": [],
  "function: chart table(package.id, package.name, package.version)": [
    {"package.id": "SPDX-PACKAGE-1aa...", "package.name": "log4j:log4j:1.2.17", "package.version": "1.2.17"},
    {"package.id": "SPDX-PACKAGE-850...", "package.name": "log4j:log4j:1.2.17", "package.version": "1.2.17"},
    ...
  ],
  "total_hits": 36,
  "total_docs": 3,
  "current_page": 1,
  "total_pages": 12,
  "all_columns": ["package.id", "package.name", "package.version", ...],
  "default_columns": ["package.id", "package.name", "package.version"]
}
```

### Versions of log4j with Vulnerabilities

```bash
curl -X POST http://<GLOSI-service-endpoint>:8000/api/v2/lql/components \
  -H "accept: application/json, text/plain, */*" \
  -H "content-type: application/json" \
  -H "company-id: <company_id>" \
  -H "product-id: 1" \
  -d '{ "lql": "package.name=log4j* $AND vulnerability.severity=* | chart table(vulnerability.name, vulnerability.severity, package.id, package.name, package.version)", "page_no": 1, "limit": 3, "is_opensource": true, "include_raw_data": false }'
```

Response (abbreviated):

```json
{
  "total_hits": 45,
  "total_docs": 3,
  "current_page": 1,
  "total_pages": 15,
  "function: chart table(vulnerability.name, vulnerability.severity, ...)": [
    {
      "vulnerability.name": "CVE-2019-17571",
      "vulnerability.severity": "Critical",
      "package.name": "log4j:log4j:1.2.17",
      "package.version": "1.2.17"
    },
    ...
  ]
}
```

### Critical Vulnerabilities in a Date Range

Returns log4j packages with critical vulnerabilities created between 1 June 2025 01:00 and 30 June 2025 14:00, sorted by package name.

```bash
curl -X POST http://<GLOSI-service-endpoint>:8000/api/v2/lql/components \
  -H "accept: application/json, text/plain, */*" \
  -H "content-type: application/json" \
  -H "company-id: <company_id>" \
  -H "product-id: 1" \
  -d '{ "lql": "package.name=log4j* $AND vulnerability.severity=critical $AND package.created>=2025-06-01 01:00:00 $AND <=2025-06-30 14:00:00 | chart table(vulnerability.name, vulnerability.severity, package.id, package.name, package.version) | sort(package.name:asc)", "page_no": 1, "limit": 3, "is_opensource": true, "include_raw_data": false }'
```

### Critical Vulnerabilities from a Verified Supplier (Last 120 Days)

Returns log4j packages with critical vulnerabilities, created within the last 120 days, from a verified supplier, sorted by vulnerability name.

```bash
curl -X POST http://<GLOSI-service-endpoint>:8000/api/v2/lql/components \
  -H "accept: application/json, text/plain, */*" \
  -H "content-type: application/json" \
  -H "company-id: <company_id>" \
  -H "product-id: 1" \
  -d '{ "lql": "package.name=log4j* $AND vulnerability.severity=critical $AND package.created<=120 days $AND supplier.is_verified=true | chart table(vulnerability.name, vulnerability.severity, package.id, package.name, package.version) | sort(vulnerability.name:asc)", "page_no": 1, "limit": 3, "is_opensource": true, "include_raw_data": false }'
```

## LQL Quick Reference

### Search Term Operators

| Syntax                  | Description and Example                                                        |
| ----------------------- | ------------------------------------------------------------------------------ |
| field=value             | Exact match. example: vulnerability.severity=critical                          |
| field=value\*           | Starts with. example: vulnerability.name=CVE-28\*                              |
| field=\*value\*         | Contains. example: vulnerability.name=\*VE-28\*                                |
| field=\*                | Any value (field exists). example: vulnerability.severity=\*                   |
| field!=value            | Not equal. example: vulnerability.is\_exploited!=true                          |
| field>value             | Greater than. example: risk\_level.score > 9                                   |
| field>=value            | Greater than or equal. example: project.created >= 2025-06-24                  |
| field\<value            | Less than. example: risk\_level.score < 9                                      |
| field<=value            | Less than or equal. example: project.created <= 2025-06-24                     |
| field=value with spaces | Exact match including spaces. example: project.name=Apache Software Foundation |

### Logical Operators

| Syntax                           | Description                     |
| -------------------------------- | ------------------------------- |
| field1=value1 $AND field2=value2 | Both conditions must match.     |
| field1=value1 $OR field2=value2  | Either condition must match.    |
| field=value1 $AND value2         | Field equals value1 AND value2. |
| field=value1 $OR value2          | Field equals value1 OR value2.  |

### Functions

| Syntax                              | Description                                      |
| ----------------------------------- | ------------------------------------------------ |
| \| stats avg(field, ...)            | Average value of the field.                      |
| \| stats count(field, ...)          | Count occurrences of the field.                  |
| \| stats max(field, ...)            | Maximum value of the field.                      |
| \| stats min(field, ...)            | Minimum value of the field.                      |
| \| stats sum(field, ...)            | Sum of the field values.                         |
| \| stats unique(field, ...)         | Unique values of the field.                      |
| \| stats unique\_values(field, ...) | Unique values of the field (alias).              |
| \| stats unique\_count(field, ...)  | Count of distinct values.                        |
| \| stats top\_hits(N)               | Top N hits for the search term results.          |
| \| chart table(field, ...)          | Format results as a table with specified fields. |
| \| chart table\_fold(field, ...)    | Format results as a folded table.                |
| \| chart histogram(field, ...)      | Create a histogram of field values.              |

### Commands

| Syntax                                 | Description and Example                                                                                       |
| -------------------------------------- | ------------------------------------------------------------------------------------------------------------- |
| \| sort(field:asc)                     | Sort ascending. example: \| sort(project.name:asc)                                                            |
| \| sort(field:desc)                    | Sort descending. example: \| sort(project.name:desc)                                                          |
| \| sort(field1:asc, field2:desc)       | Sort by multiple fields. example: \| sort(project.name:asc, package.name:asc)                                 |
| \| collapse(field)                     | Group by field; return top document per group. example: \| collapse(package.purl)                             |
| \| collapse\_latest(field)             | Group by field; return latest document per group. example: \| collapse\_latest(package.purl)                  |
| \| boost(field1:2.0, field2:1.5)       | Boost relevance score for specific fields.                                                                    |
| \| histogram\_interval(field:interval) | Set histogram interval for date fields. example: \| histogram\_interval(field1:day, field2:month, field3:100) |

### Clauses

Append a by clause to any stats or chart function to group results:

| Syntax                                           | Description                                        |
| ------------------------------------------------ | -------------------------------------------------- |
| \| stats count(field) by (group\_field)          | Count field values, grouped by group\_field.       |
| \| stats avg(field) by (group\_field)            | Average field values, grouped by group\_field.     |
| \| stats max(field) by (group\_field)            | Maximum field values, grouped by group\_field.     |
| \| stats min(field) by (group\_field)            | Minimum field values, grouped by group\_field.     |
| \| stats sum(field) by (group\_field)            | Sum field values, grouped by group\_field.         |
| \| stats unique(field) by (group\_field)         | Unique field values, grouped by group\_field.      |
| \| stats unique\_count(field) by (group\_field)  | Count of distinct values, grouped by group\_field. |
| \| stats unique\_values(field) by (group\_field) | Unique values, grouped by group\_field.            |
| \| chart table(field) by (group\_field)          | Table of field values, grouped by group\_field.    |
| \| chart table\_fold(field) by (group\_field)    | Folded table, grouped by group\_field.             |
| \| chart histogram(field) by (group\_field)      | Histogram, grouped by group\_field.                |

## Best Practices

* Be as specific as possible with search terms to improve query performance.
* For complex aggregations, consider splitting into multiple focused queries.
* When searching for exact matches, avoid wildcards.
* For time-based queries, use ISO date format (YYYY-MM-DD) for precision.
* Use chart table() with a limited set of fields to reduce response size and improve readability.

## LQL Field Glossary

The following tables list the queryable fields for each entity type. Use these field names in LQL search terms and functions.

### Package

| Field                                      | Description                                      |
| ------------------------------------------ | ------------------------------------------------ |
| package.purl                               | Package URL (purl).                              |
| package.name                               | Package name.                                    |
| package.version                            | Package version.                                 |
| package.pkg\_manager                       | Package manager (for example: maven, npm).       |
| package.download\_loc                      | Package download location.                       |
| package.checksum.md5                       | MD5 checksum.                                    |
| package.checksum.sha1                      | SHA-1 checksum.                                  |
| package.checksum.sha256                    | SHA-256 checksum.                                |
| package.checksum.sha512                    | SHA-512 checksum.                                |
| package.description                        | Package description.                             |
| package.last\_modified                     | Date the package was last modified.              |
| package.license                            | Package license.                                 |
| package.license.url                        | License URL.                                     |
| package.license.version                    | License version.                                 |
| package.license.full\_name                 | Full license name.                               |
| package.license.short\_id                  | License SPDX short identifier.                   |
| package.license.is\_opensource             | Whether the license is open source.              |
| package.supplier                           | Package supplier name.                           |
| package.supplier\_info.name                | Supplier name.                                   |
| package.supplier\_info.org                 | Supplier organization.                           |
| package.supplier\_info.home\_page          | Supplier home page URL.                          |
| package.supplier\_info.is\_verified        | Whether the supplier is verified.                |
| package.total\_vulnerability\_count        | Total number of vulnerabilities.                 |
| package.total\_fixed\_vulnerability\_count | Number of fixed vulnerabilities.                 |
| package.category                           | Package category.                                |
| package.classification                     | Package classification.                          |
| package.cpes                               | Common Platform Enumeration (CPE) entries.       |
| package.file\_name                         | Package file name.                               |
| package.files\_analysed                    | Whether package files were analyzed.             |
| package.friendly\_name                     | Human-readable package name.                     |
| package.id                                 | Package identifier.                              |
| package.license\_category                  | License category.                                |
| package.license\_name                      | License name.                                    |
| package.scope                              | Package scope (for example: required, optional). |
| package.src\_info                          | Source information.                              |
| package.vuln\_fixed\_info.major.count      | Count of major-version fixes available.          |
| package.vuln\_fixed\_info.major.version    | Major version that fixes the vulnerability.      |
| package.vuln\_fixed\_info.minor.count      | Count of minor-version fixes available.          |
| package.vuln\_fixed\_info.minor.version    | Minor version that fixes the vulnerability.      |
| package.vuln\_fixed\_info.patch.count      | Count of patch-version fixes available.          |
| package.vuln\_fixed\_info.patch.version    | Patch version that fixes the vulnerability.      |
| package.vuln\_fixed\_info.upgrade.count    | Count of upgrade-version fixes available.        |
| package.vuln\_fixed\_info.upgrade.version  | Upgrade version that fixes the vulnerability.    |

### Image

| Field                       | Description               |
| --------------------------- | ------------------------- |
| image.name                  | Image name.               |
| image.version               | Image version.            |
| image.os                    | Operating system.         |
| image.tags                  | Image tags.               |
| image.manifest              | Image manifest.           |
| image.owner                 | Image owner.              |
| image.size                  | Image size.               |
| image.architecture          | Image architecture.       |
| image.repo\_checksum        | Repository checksum.      |
| image.layer.checksum.sha256 | Layer SHA-256 checksum.   |
| image.layer.size            | Layer size.               |
| image.download\_loc         | Download location.        |
| image.config                | Image configuration.      |
| image.desc                  | Image description.        |
| image.docker\_version       | Docker version.           |
| image.file\_name            | Image file name.          |
| image.image\_created        | Image creation timestamp. |

### Vulnerability

| Field                               | Description                                                      |
| ----------------------------------- | ---------------------------------------------------------------- |
| vulnerability.name                  | Vulnerability identifier (for example: CVE-2025-1234, GHSA-xxx). |
| vulnerability.score                 | Vulnerability score.                                             |
| vulnerability.severity              | Severity level: Critical, High, Medium, Low, or Unknown.         |
| vulnerability.base\_score           | CVSS base score.                                                 |
| vulnerability.name\_space           | Vulnerability namespace (for example: NVD, Ubuntu).              |
| vulnerability.description           | Vulnerability description.                                       |
| vulnerability.vector                | CVSS vector string.                                              |
| vulnerability.vuln\_created         | Date the vulnerability was first disclosed publicly.             |
| vulnerability.vuln\_modified        | Date the vulnerability record was last modified.                 |
| vulnerability.vuln\_withdrawn       | Date the vulnerability was withdrawn.                            |
| vulnerability.fix\_state            | Fix state (for example: fixed, not-fixed).                       |
| vulnerability.fix\_versions         | Versions that include a fix.                                     |
| vulnerability.impact\_score         | CVSS impact score.                                               |
| vulnerability.exploitability\_score | CVSS exploitability score.                                       |
| vulnerability.is\_exploited         | Whether the vulnerability is actively exploited.                 |
| vulnerability.affected\_versions    | Affected package versions.                                       |
| vulnerability.category              | Vulnerability category.                                          |
| vulnerability.collector             | Data collector.                                                  |
| vulnerability.data\_source          | Source URL for the vulnerability data.                           |
| vulnerability.origin                | Origin of the vulnerability record.                              |
| vulnerability.package\_purl         | PURL of the affected package.                                    |
| vulnerability.package.name          | Name of the affected package.                                    |
| vulnerability.package.version       | Version of the affected package.                                 |
| vulnerability.package.pkg\_manager  | Package manager of the affected package.                         |
| vulnerability.mitigated.status      | Mitigation status.                                               |
| vulnerability.target                | Vulnerability target (PURL).                                     |

### Attestation

| Field                   | Description                                                                    |
| ----------------------- | ------------------------------------------------------------------------------ |
| attestation\_level.lcal | Attestation level score (integer 0–4, corresponding to LCAL-0 through LCAL-4). |

### Risk Score

| Field                | Description                                                                 |
| -------------------- | --------------------------------------------------------------------------- |
| risk\_level.score    | Risk level score (float 0.0–10.0). Maps to IRLC, IRLH, IRLM, IRLL, or ZIRL. |
| risk\_level.severity | Risk level severity label.                                                  |

### Security Posture

| Field                                  | Description                                                                                                                                                                                       |
| -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| security\_posture.name                 | Check name. Values: Branch-Protection, Pinned-Dependencies, Dangerous-Workflow, SAST, Dependency-Update-Tool, Security-Policy, Fuzzing, Token-Permissions, Packaging, Webhooks, Embedded Secrets. |
| security\_posture.score                | Check score.                                                                                                                                                                                      |
| security\_posture.severity             | Check severity.                                                                                                                                                                                   |
| security\_posture.reason               | Reason for the score.                                                                                                                                                                             |
| security\_posture.desc                 | Check description.                                                                                                                                                                                |
| security\_posture.entropy              | Entropy measurement.                                                                                                                                                                              |
| security\_posture.author               | Check author.                                                                                                                                                                                     |
| security\_posture.commit               | Associated commit.                                                                                                                                                                                |
| security\_posture.complexity           | Complexity score.                                                                                                                                                                                 |
| security\_posture.created              | Check creation date.                                                                                                                                                                              |
| security\_posture.documentation\_url   | Documentation URL for the check.                                                                                                                                                                  |
| security\_posture.fingerprint          | Fingerprint.                                                                                                                                                                                      |
| security\_posture.language             | Programming language.                                                                                                                                                                             |
| security\_posture.origin               | Origin of the check.                                                                                                                                                                              |
| security\_posture.rule\_id             | Rule identifier.                                                                                                                                                                                  |
| security\_posture.source\_code.name    | Source code repository name.                                                                                                                                                                      |
| security\_posture.source\_code.version | Source code version.                                                                                                                                                                              |
| security\_posture.source\_link         | Source link URL.                                                                                                                                                                                  |

### Code Quality

| Field                              | Description                                                                                                                       |
| ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
| code\_quality.name                 | Check name. Values: Embedded Secrets, Binary-Artifacts, CII-Best-Practices, Fuzzing, Gitleaks, CI-Tests, Code-Review, Maintained. |
| code\_quality.score                | Check score.                                                                                                                      |
| code\_quality.severity             | Check severity.                                                                                                                   |
| code\_quality.reason               | Reason for the score.                                                                                                             |
| code\_quality.desc                 | Check description.                                                                                                                |
| code\_quality.author               | Check author.                                                                                                                     |
| code\_quality.checksum.md5         | MD5 checksum.                                                                                                                     |
| code\_quality.checksum.sha1        | SHA-1 checksum.                                                                                                                   |
| code\_quality.checksum.sha256      | SHA-256 checksum.                                                                                                                 |
| code\_quality.commit               | Associated commit name.                                                                                                           |
| code\_quality.complexity           | Complexity score.                                                                                                                 |
| code\_quality.created              | Check creation date.                                                                                                              |
| code\_quality.documentation\_url   | Documentation URL.                                                                                                                |
| code\_quality.entropy              | Entropy measurement.                                                                                                              |
| code\_quality.fingerprint          | Fingerprint.                                                                                                                      |
| code\_quality.language             | Programming language.                                                                                                             |
| code\_quality.origin               | Origin of the check.                                                                                                              |
| code\_quality.rule\_id             | Rule identifier.                                                                                                                  |
| code\_quality.source\_code.name    | Source code repository name.                                                                                                      |
| code\_quality.source\_code.version | Source code version.                                                                                                              |
| code\_quality.source\_link         | Source link URL.                                                                                                                  |

### Source Code

| Field                                 | Description                                           |
| ------------------------------------- | ----------------------------------------------------- |
| source\_code.loc                      | Repository URL (for example: <https://github.com//>). |
| source\_code.version                  | Source code version.                                  |
| source\_code.tag                      | Tag or branch name.                                   |
| source\_code.code\_quality\_score     | Code quality score.                                   |
| source\_code.contributors\_count      | Number of contributors.                               |
| source\_code.total\_commits           | Total number of commits.                              |
| source\_code.first\_commit            | Date of the first commit.                             |
| source\_code.last\_commit             | Date of the most recent commit.                       |
| source\_code.is\_opensource           | Whether the repository is open source.                |
| source\_code.direct\_dep\_count       | Count of direct dependencies.                         |
| source\_code.transitive\_dep\_count   | Count of transitive dependencies.                     |
| source\_code.friendly\_name           | Human-readable name.                                  |
| source\_code.id                       | Source code identifier.                               |
| source\_code.is\_suspicious\_activity | Whether suspicious activity has been detected.        |
| source\_code.languages                | Programming languages used.                           |
| source\_code.latest\_version          | Latest available version.                             |
| source\_code.latest\_version\_date    | Date of the latest version.                           |
| source\_code.name                     | Repository name.                                      |
| source\_code.score                    | Overall score.                                        |
| source\_code.security\_posture\_score | Security posture score.                               |
| source\_code.src\_code\_created       | Repository creation date.                             |
| source\_code.url                      | Repository URL.                                       |

### Provenance

| Field                                 | Description                                       |
| ------------------------------------- | ------------------------------------------------- |
| provenance.country.code               | Country code for the contributor.                 |
| provenance.timezone                   | Contributor timezone.                             |
| provenance.contributor\_commit\_count | Number of commits by this contributor.            |
| provenance.contributor\_link          | Link to the contributor profile.                  |
| provenance.contributor.commits        | Contributor commits.                              |
| provenance.contributor.email          | Contributor email.                                |
| provenance.contributor.is\_suspicious | Whether the contributor is flagged as suspicious. |
| provenance.contributor.name           | Contributor name.                                 |
| provenance.count                      | Total contributor count.                          |
| provenance.country\_code              | Country code (alias).                             |

### Contributor / Commits

| Field                              | Description                                       |
| ---------------------------------- | ------------------------------------------------- |
| contributor.name                   | Contributor name.                                 |
| contributor.email                  | Contributor email.                                |
| contributor.id                     | Contributor identifier.                           |
| contributor.commits                | Number of commits.                                |
| contributor.is\_suspicious         | Whether the contributor is flagged as suspicious. |
| contributor.link                   | Contributor profile link.                         |
| commits.commit                     | Commit name.                                      |
| commits.contributor\_commit\_count | Number of commits by the contributor.             |
| commits.contributor\_email         | Contributor email.                                |
| commits.contributor\_link          | Contributor profile link.                         |
| commits.contributor.country.code   | Contributor country code.                         |
| commits.contributor.is\_suspicious | Whether the contributor is flagged as suspicious. |
| commits.contributor.name           | Contributor name.                                 |
| commits.count                      | Total commit count.                               |
| commits.country\_code              | Country code associated with the commits.         |
| commits.timezone                   | Timezone associated with the commits.             |

### License

| Field                     | Description                                    |
| ------------------------- | ---------------------------------------------- |
| license.url               | License URL.                                   |
| license.category          | License category.                              |
| license.fullname          | Full license name.                             |
| license.is\_deprecated    | Whether the license identifier is deprecated.  |
| license.is\_opensource    | Whether the license is an open-source license. |
| license.is\_osi\_approved | Whether the license is OSI-approved.           |
| license.license\_id       | License identifier.                            |
| license.name              | License name.                                  |
| license.full\_name        | Full license name (alias).                     |
| license.short\_id         | SPDX short license identifier.                 |
| license.version           | License version.                               |
| license.details\_url      | License details URL.                           |
| license.references        | License reference links.                       |

### Supplier

| Field                 | Description                                   |
| --------------------- | --------------------------------------------- |
| supplier.name         | Supplier name.                                |
| supplier.is\_verified | Whether the supplier is verified.             |
| supplier.organisation | Supplier organization.                        |
| supplier.verified     | Verification status (alias for is\_verified). |
| supplier\_info.name   | Supplier info name.                           |

