Saasment · Capability

Saasment SaaS Security Posture Management

Unified workflow for SaaS security posture management, misconfiguration detection, compliance assessment, and cost optimization. Used by security teams to continuously monitor and improve their SaaS security posture.

SaaS Security · SSPM · Cloud Security · Compliance · Cost Optimization · Misconfigurations

What You Can Do

GET /v1/posture/score
Get posture score — Get overall SaaS security posture score with domain breakdown

GET /v1/posture/applications
List monitored applications — List all monitored SaaS applications

GET /v1/misconfigurations
List misconfigurations — List security misconfigurations by severity and status

GET /v1/misconfigurations/{id}
Get misconfiguration — Get misconfiguration details and remediation steps

PATCH /v1/misconfigurations/{id}
Update misconfiguration status — Update misconfiguration remediation status

GET /v1/compliance/frameworks
List compliance frameworks — List available compliance frameworks

GET /v1/compliance/assessments
List compliance assessments — List compliance assessment results

GET /v1/cost/summary
Get cost summary — Get SaaS/cloud spend summary with optimization potential

GET /v1/cost/recommendations
List cost recommendations — List cost optimization recommendations

GET /v1/integrations
List integrations — List configured SaaS integrations

POST /v1/integrations
Create integration — Connect a new SaaS application

GET /v1/alerts
List alerts — List security alerts

MCP Tools

get-posture-score · read-only
Get overall SaaS security posture score with breakdown by security domain

list-monitored-applications · read-only
List all SaaS applications currently being monitored for security issues

list-misconfigurations · read-only
List detected security misconfigurations with severity levels and remediation guidance

get-misconfiguration · read-only
Get detailed information about a specific misconfiguration including remediation steps

update-misconfiguration-status · idempotent
Update the remediation status of a misconfiguration (resolve, accept risk, etc.)

list-compliance-frameworks · read-only
List available compliance frameworks for assessment (SOC 2, ISO 27001, GDPR, etc.)

list-compliance-assessments · read-only
List compliance assessment results showing pass/fail status per control

get-cost-summary · read-only
Get summary of total SaaS spend and potential cost savings

list-cost-recommendations · read-only
List cost optimization recommendations for unused licenses and redundant subscriptions

list-integrations · read-only
List all configured SaaS application integrations and their connection status

create-integration
Connect a new SaaS application to Saasment for security monitoring

list-alerts · read-only
List security alerts generated by posture monitoring with severity and status

APIs Used

saasment

Capability Spec

naftiko: "1.0.0-alpha1"

info:
  label: "Saasment SaaS Security Posture Management"
  description: "Unified workflow for SaaS security posture management, misconfiguration detection, compliance assessment, and cost optimization. Used by security teams to continuously monitor and improve their SaaS security posture."
  tags:
    - SaaS Security
    - SSPM
    - Cloud Security
    - Compliance
    - Cost Optimization
    - Misconfigurations
  created: "2026-05-02"
  modified: "2026-05-02"

binds:
  - namespace: env
    keys:
      SAASMENT_API_TOKEN: SAASMENT_API_TOKEN

capability:
  consumes:
    - import: saasment
      location: ./shared/saasment.yaml

  exposes:
    - type: rest
      port: 8080
      namespace: saas-security-posture-api
      description: "Unified REST API for SaaS security posture management and cost optimization."
      resources:
        - path: /v1/posture/score
          name: posture-score
          description: "Security posture scoring"
          operations:
            - method: GET
              name: get-posture-score
              description: "Get overall SaaS security posture score with domain breakdown"
              call: "saasment.get-posture-score"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/posture/applications
          name: monitored-applications
          description: "Monitored SaaS applications"
          operations:
            - method: GET
              name: list-monitored-applications
              description: "List all monitored SaaS applications"
              call: "saasment.list-monitored-applications"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/misconfigurations
          name: misconfigurations
          description: "Security misconfigurations"
          operations:
            - method: GET
              name: list-misconfigurations
              description: "List security misconfigurations by severity and status"
              call: "saasment.list-misconfigurations"
              with:
                severity: "rest.severity"
                status: "rest.status"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/misconfigurations/{id}
          name: misconfiguration
          description: "Individual misconfiguration management"
          operations:
            - method: GET
              name: get-misconfiguration
              description: "Get misconfiguration details and remediation steps"
              call: "saasment.get-misconfiguration"
              with:
                id: "rest.id"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: PATCH
              name: update-misconfiguration-status
              description: "Update misconfiguration remediation status"
              call: "saasment.update-misconfiguration-status"
              with:
                id: "rest.id"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/compliance/frameworks
          name: compliance-frameworks
          description: "Available compliance frameworks"
          operations:
            - method: GET
              name: list-compliance-frameworks
              description: "List available compliance frameworks"
              call: "saasment.list-compliance-frameworks"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/compliance/assessments
          name: compliance-assessments
          description: "Compliance assessment results"
          operations:
            - method: GET
              name: list-compliance-assessments
              description: "List compliance assessment results"
              call: "saasment.list-compliance-assessments"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/cost/summary
          name: cost-summary
          description: "Cost optimization summary"
          operations:
            - method: GET
              name: get-cost-summary
              description: "Get SaaS/cloud spend summary with optimization potential"
              call: "saasment.get-cost-summary"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/cost/recommendations
          name: cost-recommendations
          description: "Cost optimization recommendations"
          operations:
            - method: GET
              name: list-cost-recommendations
              description: "List cost optimization recommendations"
              call: "saasment.list-cost-recommendations"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/integrations
          name: integrations
          description: "SaaS application integrations"
          operations:
            - method: GET
              name: list-integrations
              description: "List configured SaaS integrations"
              call: "saasment.list-integrations"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-integration
              description: "Connect a new SaaS application"
              call: "saasment.create-integration"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/alerts
          name: security-alerts
          description: "Security alerts"
          operations:
            - method: GET
              name: list-alerts
              description: "List security alerts"
              call: "saasment.list-alerts"
              outputParameters:
                - type: object
                  mapping: "$."

    - type: mcp
      port: 9090
      namespace: saas-security-posture-mcp
      transport: http
      description: "MCP server for AI-assisted SaaS security posture management and cost optimization."
      tools:
        - name: get-posture-score
          description: "Get overall SaaS security posture score with breakdown by security domain"
          hints:
            readOnly: true
            openWorld: false
          call: "saasment.get-posture-score"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-monitored-applications
          description: "List all SaaS applications currently being monitored for security issues"
          hints:
            readOnly: true
            openWorld: false
          call: "saasment.list-monitored-applications"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-misconfigurations
          description: "List detected security misconfigurations with severity levels and remediation guidance"
          hints:
            readOnly: true
            openWorld: false
          call: "saasment.list-misconfigurations"
          with:
            severity: "tools.severity"
            app_id: "tools.app_id"
            status: "tools.status"
          outputParameters:
            - type: object
              mapping: "$."

        - name: get-misconfiguration
          description: "Get detailed information about a specific misconfiguration including remediation steps"
          hints:
            readOnly: true
            openWorld: false
          call: "saasment.get-misconfiguration"
          with:
            id: "tools.id"
          outputParameters:
            - type: object
              mapping: "$."

        - name: update-misconfiguration-status
          description: "Update the remediation status of a misconfiguration (resolve, accept risk, etc.)"
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: "saasment.update-misconfiguration-status"
          with:
            id: "tools.id"
            status: "tools.status"
            notes: "tools.notes"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-compliance-frameworks
          description: "List available compliance frameworks for assessment (SOC 2, ISO 27001, GDPR, etc.)"
          hints:
            readOnly: true
            openWorld: false
          call: "saasment.list-compliance-frameworks"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-compliance-assessments
          description: "List compliance assessment results showing pass/fail status per control"
          hints:
            readOnly: true
            openWorld: false
          call: "saasment.list-compliance-assessments"
          with:
            framework_id: "tools.framework_id"
            app_id: "tools.app_id"
          outputParameters:
            - type: object
              mapping: "$."

        - name: get-cost-summary
          description: "Get summary of total SaaS spend and potential cost savings"
          hints:
            readOnly: true
            openWorld: false
          call: "saasment.get-cost-summary"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-cost-recommendations
          description: "List cost optimization recommendations for unused licenses and redundant subscriptions"
          hints:
            readOnly: true
            openWorld: false
          call: "saasment.list-cost-recommendations"
          with:
            app_id: "tools.app_id"
            min_savings: "tools.min_savings"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-integrations
          description: "List all configured SaaS application integrations and their connection status"
          hints:
            readOnly: true
            openWorld: false
          call: "saasment.list-integrations"
          outputParameters:
            - type: object
              mapping: "$."

        - name: create-integration
          description: "Connect a new SaaS application to Saasment for security monitoring"
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "saasment.create-integration"
          with:
            app_type: "tools.app_type"
            credentials: "tools.credentials"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-alerts
          description: "List security alerts generated by posture monitoring with severity and status"
          hints:
            readOnly: true
            openWorld: false
          call: "saasment.list-alerts"
          with:
            severity: "tools.severity"
            status: "tools.status"
          outputParameters:
            - type: object
              mapping: "$."