Attestd Docs
Attestd returns a structured, deterministic security assessment for a software product and version. These docs cover how to call the API, what every field means, and how to integrate it into CI/CD pipelines and AI agents.
Why Attestd
Technical architecture deep-dive: sensor vs. gate philosophy, NVD limitations, two-signal design, confidence semantics, and the determinism guarantee.
Quickstart
Make your first API call in under two minutes.
Response Field Reference
Exact semantics for every field in a /v1/check response, including multi-range aggregation rules.
API Reference
Base URL, authentication, request parameters, error codes, and rate limits.
SDK Reference
Python and JavaScript SDK clients with typed response models, error handling, and testing utilities.
Account & Portal Guide
API key management, key rotation, route scoping, billing tiers, and portal settings.
AI Agent Integration
LangChain tool definition, function calling, and correct handling of outside-coverage products.
CI/CD Integration
GitHub Actions and GitLab CI recipes for blocking deployments on high-risk dependencies.
Integrations
Framework-specific integrations: LangChain StructuredTool, agent executor, and async patterns.
Products
All 72 supported products with API slugs, notable CVEs, version format notes, and NVD data source details.
Supply chain integrity
Monitored PyPI (52) and npm (70) packages, OSV MAL- and registry sources, and how supply_chain relates to risk_state.
FAQ
Common questions about data freshness, coverage, confidence scores, and the demo key.
Demo key
Use attestd_demo_key for all examples in these docs. No signup required. Rate-limited to 60 requests/minute.