Warn before exposing unsafe systems to the internet
Infrastructure automation is fast, consistent, and unforgiving. When it provisions a service with an active exploit and immediately exposes it, there's no human in the loop to catch it. attestd acts as that check.
the request
bash
curl "https://api.attestd.io/v1/check?product=openssh&version=9.6" \
  -H "Authorization: Bearer attestd_demo_key"

integration
provision.py
from attestd import check


def safe_to_expose(product: str, version: str) -> bool:
    """Return False when the version has an active, remotely exploitable issue."""
    risk = check(product, version)
    if risk.actively_exploited and risk.remote_exploitable:
        print(f"[BLOCKED] {product}@{version} — active remote exploit detected")
        print(f"  risk_state: {risk.risk_state}")
        print(f"  fixed_version: {risk.fixed_version}")
        return False
    return True


# Before provisioning a public-facing service
if not safe_to_expose("openssh", "9.6"):
    raise SystemExit("Provisioning halted: unsafe software version")

# Proceed with infrastructure provisioning
# (provision_service is the pipeline's own provisioning step, defined elsewhere)
provision_service()

operational outcome
Unsafe software versions never reach a public network interface.
Infrastructure pipelines can run autonomously at scale. When attestd returns an active exploit signal on a version about to be exposed, the provisioning step aborts cleanly with the upgrade path included.
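As an added example (not attestd's own code), the gate below extends the single check in provision.py to a whole manifest and fails closed when the lookup itself errors, so an unreachable API never results in an unchecked exposure. `fake_check`, `FakeRisk` and the product names are constructed stand-ins for `attestd.check`; only the field names `actively_exploited`, `remote_exploitable` and `fixed_version` come from the snippet above.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Decision:
    product: str
    version: str
    allowed: bool
    reason: str
    fixed_version: Optional[str] = None

def gate(services, check_fn) -> List[Decision]:
    """Check every (product, version) pair; any lookup failure blocks that service."""
    decisions = []
    for product, version in services:
        try:
            risk = check_fn(product, version)
            blocked = bool(risk.actively_exploited and risk.remote_exploitable)
            fixed = getattr(risk, "fixed_version", None)
        except Exception as exc:  # timeout, auth failure, missing field
            reason = f"lookup failed ({type(exc).__name__}); failing closed"
            decisions.append(Decision(product, version, False, reason))
            continue
        reason = "active remote exploit" if blocked else "no active remote exploit signal"
        decisions.append(
            Decision(product, version, not blocked, reason, fixed if blocked else None))
    return decisions

def manifest_allowed(decisions) -> bool:
    """Provision only when every service in the manifest passed."""
    return all(d.allowed for d in decisions)

# Constructed stand-in for attestd.check so the example runs offline (assumption).
@dataclass
class FakeRisk:
    actively_exploited: bool
    remote_exploitable: bool
    fixed_version: Optional[str] = None

def fake_check(product, version):
    table = {  # constructed sample data, not real vulnerability records
        ("exampled", "1.0"): FakeRisk(True, True, "1.1"),
        ("exampled", "1.1"): FakeRisk(False, False),
    }
    if (product, version) not in table:
        raise TimeoutError("constructed: simulated unreachable API")
    return table[(product, version)]

def demo():
    return gate([("exampled", "1.0"), ("exampled", "1.1"), ("otherd", "2.0")], fake_check)
```

In a real pipeline, pass `attestd.check` as `check_fn` and abort when `manifest_allowed` returns False.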