Violation
policystringrequired
Example:
SEC-5statusstringrequired
Possible values: [fail, warn, pass, n-a]
severitystringrequired
Display-time source of truth should be the catalog's severity
from GET /governance/policies. Treat this per-violation field
as contextual information only.
Possible values: [critical, high, medium, low]
titlestringrequired
descriptionstringrequired
summarystring
Optional one-line reason for this specific failure, when available.
compliance_frameworks object[]required
Array [
- object
- object
- object
- object
- object
frameworkstringrequired
Possible values: [SOC 2]
controlstringrequired
Example:
CC6.1]
remediation_availablebooleanrequired
failing_modules object[]required
Array [
module_idstring
module_namestring
module_typestring
reasonstring
badgestring
]
sourcestringrequired
Possible values: [automated]
Violation
{
"policy": "SEC-5",
"status": "fail",
"severity": "critical",
"title": "string",
"description": "string",
"summary": "string",
"compliance_frameworks": [
{
"framework": "SOC 2",
"control": "CC6.1"
},
{
"framework": "GDPR",
"article": "Art.32"
},
{
"framework": "PCI-DSS",
"requirement": "Req.3.4"
},
{
"framework": "HIPAA",
"section": "164.312(a)(1)"
},
{
"framework": "ISO 27001",
"control": "A.14.2"
}
],
"remediation_available": true,
"failing_modules": [
{
"module_id": "string",
"module_name": "string",
"module_type": "string",
"reason": "string",
"badge": "string"
}
],
"source": "automated"
}