How the APIs fit together
A single Competition API coordinates many CRSs. The Competition API issues tasks and broadcasts SARIF to each CRS. CRSs respond with proofs of vulnerability (POVs), patches, submitted SARIF, and assessments of broadcast SARIF. Bundles allow associating related submissions.
Competition API
The public interface the infrastructure exposes to teams. Sends tasks and broadcast SARIF to CRSs; accepts POVs, patches, submitted SARIF, assessments, and bundles.
CRS API
The interface each team’s CRS provides so the Competition API can deliver tasks and receive status. Defines how CRSs handle broadcasts (e.g., SARIF) and report status.
Example CRS Architecture
All content needed to build a compliant CRS: API specs, examples, and reference infrastructure.