{
  "type": "object",
  "properties": {
    "logical_environment": {
      "type": "string",
      "description": "The stage of the deployment.",
      "minLength": 1,
      "maxLength": 128
    },
    "physical_environment": {
      "type": "string",
      "description": "The physical region of the deployment.",
      "maxLength": 128
    },
    "deployments": {
      "type": "array",
      "description": "The list of deployments to record.",
      "maxItems": 1000,
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string",
            "description": "The name of the artifact. Note that if multiple deployments have identical 'digest' parameter values,\nthe name parameter must also be identical across all entries.\n",
            "minLength": 1,
            "maxLength": 256
          },
          "digest": {
            "type": "string",
            "description": "The hex encoded digest of the artifact. Note that if multiple deployments have identical 'digest' parameter values,\nthe name and version parameters must also be identical across all entries.\n",
            "minLength": 71,
            "maxLength": 71,
            "pattern": "^sha256:[a-f0-9]{64}$"
          },
          "version": {
            "type": "string",
            "description": "The artifact version. Note that if multiple deployments have identical 'digest' parameter values,\nthe version parameter must also be identical across all entries.\n",
            "maxLength": 100,
            "x-multi-segment": true
          },
          "status": {
            "type": "string",
            "description": "The deployment status of the artifact.",
            "default": "deployed",
            "enum": [
              "deployed",
              "decommissioned"
            ]
          },
          "deployment_name": {
            "type": "string",
            "description": "The unique identifier for the deployment represented by the new record. To accommodate differing\ncontainers and namespaces within a record set, the following format is recommended:\n{namespaceName}-{deploymentName}-{containerName}.\nThe deployment_name must be unique across all entries in the deployments array.\n",
            "minLength": 1,
            "maxLength": 256
          },
          "github_repository": {
            "type": "string",
            "description": "The name of the GitHub repository associated with the artifact. This should be used\nwhen there are no provenance attestations available for the artifact. The repository\nmust belong to the organization specified in the path parameter.\n\nIf a provenance attestation is available for the artifact, the API will use\nthe repository information from the attestation instead of this parameter.",
            "maxLength": 100,
            "pattern": "^[A-Za-z0-9.\\-_]+$"
          },
          "tags": {
            "type": "object",
            "description": "Key-value pairs to tag the deployment record.",
            "additionalProperties": {
              "type": "string"
            }
          },
          "runtime_risks": {
            "type": "array",
            "description": "A list of runtime risks associated with the deployment.",
            "maxItems": 4,
            "uniqueItems": true,
            "items": {
              "type": "string",
              "enum": [
                "critical-resource",
                "internet-exposed",
                "lateral-movement",
                "sensitive-data"
              ]
            }
          }
        },
        "required": [
          "name",
          "deployment_name",
          "digest"
        ]
      }
    }
  },
  "required": [
    "logical_environment",
    "deployments"
  ],
  "$schema": "https://json-schema.org/draft/2019-09/schema"
}