Threat Feed / API
Machine-readable supply-chain threat feed
The Halting Problems JSON feed is designed for SIEM, SOAR, enrichment, and analyst automation workflows that need current software supply-chain incident metadata, observables, affected packages, sources, and hunting context.
Stable endpoint
Use /api/feed for the current JSON feed. The feed is public, unauthenticated, and generated from the Postgres-backed incident dataset.
curl -fsS https://haltingproblems.com/api/feed | jq '.entries[0]'
Schema expectations
- feed_version: version marker for downstream parsers.
- generated_at: feed generation timestamp.
- entries: incident records with title, URL, severity/status, summary, package and IOC metadata when available.
- sources: provenance and claim-support references carried from the incident record.
Operational guidance
- Poll on a conservative cadence such as every 15–60 minutes.
- Dedupe on incident slug plus generated timestamp or updated timestamp.
- Treat the web threat page as the human-readable main report.
- Use tested hunting scripts from the threat detail page when available.