Threat Feed / API

Machine-readable supply-chain threat feed

The Halting Problems JSON feed is designed for SIEM, SOAR, enrichment, and analyst automation workflows that need current software supply-chain incident metadata, observables, affected packages, sources, and hunting context.

Stable endpoint

Use /api/feed for the current JSON feed. The feed is public, unauthenticated, and generated from the Postgres-backed incident dataset.

curl -fsS https://haltingproblems.com/api/feed | jq '.entries[0]'

Schema expectations

  • feed_version: version marker for downstream parsers.
  • generated_at: feed generation timestamp.
  • entries: incident records with title, URL, severity/status, summary, package and IOC metadata when available.
  • sources: provenance and claim-support references carried from the incident record.

Operational guidance

  • Poll on a conservative cadence such as every 15–60 minutes.
  • Dedupe on incident slug plus generated timestamp or updated timestamp.
  • Treat the web threat page as the human-readable main report.
  • Use tested hunting scripts from the threat detail page when available.