Vanta · Capability
Conduct an audit — Audits
Conduct an audit — Audits. 15 operations. Lead operation: List audits. Self-contained Naftiko capability covering one Vanta business surface.
What You Can Do
GET
Listaudits
— List audits
/v1/audits
GET
Listauditcomments
— List audit comments
/v1/audits/{auditid}/comments
GET
Listauditcontrols
— List audit controls
/v1/audits/{auditid}/controls
POST
Createcustomcontrol
— Create a custom control for an audit
/v1/audits/{auditid}/controls/custom-controls
GET
Listauditevidence
— List audit evidence
/v1/audits/{auditid}/evidence
POST
Createcustomevidencerequest
— Create a custom evidence request for an audit
/v1/audits/{auditid}/evidence/custom-evidence-requests
PATCH
Updateauditevidence
— Update audit evidence
/v1/audits/{auditid}/evidence/{auditevidenceid}
POST
Createcommentforauditevidence
— Create a comment for audit evidence
/v1/audits/{auditid}/evidence/{auditevidenceid}/comments
GET
Listauditevidenceurls
— List audit evidence url
/v1/audits/{auditid}/evidence/{auditevidenceid}/urls
GET
Listmonitoredcomputersinauditscope
— List monitored computers
/v1/audits/{auditid}/monitored-computers
GET
Listpeopleinauditscope
— List of people who are in scope for this audit
/v1/audits/{auditid}/people
GET
Listvendorsinauditscope
— List of vendors who are in scope for this audit
/v1/audits/{auditid}/vendors
GET
Listvulnerabilities
— List vulnerabilities within the scope of a given audit
/v1/audits/{auditid}/vulnerabilities
GET
Listvulnerabilityremediationsinauditscope
— List vulnerability remediations that are in scope for this audit
/v1/audits/{auditid}/vulnerability-remediations
GET
Getvulnerableassets
— List assets associated with vulnerabilities
/v1/audits/{auditid}/vulnerable-assets
MCP Tools
list-audits
List audits
read-only
idempotent
list-audit-comments
List audit comments
read-only
idempotent
list-audit-controls
List audit controls
read-only
idempotent
create-custom-control-audit
Create a custom control for an audit
list-audit-evidence
List audit evidence
read-only
idempotent
create-custom-evidence-request-audit
Create a custom evidence request for an audit
update-audit-evidence
Update audit evidence
idempotent
create-comment-audit-evidence
Create a comment for audit evidence
list-audit-evidence-url
List audit evidence url
read-only
idempotent
list-monitored-computers
List monitored computers
read-only
idempotent
list-people-who-are-scope
List of people who are in scope for this audit
read-only
idempotent
list-vendors-who-are-scope
List of vendors who are in scope for this audit
read-only
idempotent
list-vulnerabilities-within-scope-given
List vulnerabilities within the scope of a given audit
read-only
idempotent
list-vulnerability-remediations-that-are
List vulnerability remediations that are in scope for this audit
read-only
idempotent
list-assets-associated-vulnerabilities
List assets associated with vulnerabilities
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Conduct an audit — Audits
description: 'Conduct an audit — Audits. 15 operations. Lead operation: List audits. Self-contained Naftiko capability covering
one Vanta business surface.'
tags:
- Vanta
- Audits
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
VANTA_API_KEY: VANTA_API_KEY
capability:
consumes:
- type: http
namespace: auditor-audits
baseUri: https://api.vanta.com/v1
description: Conduct an audit — Audits business capability. Self-contained, no shared references.
resources:
- name: audits
path: /audits
operations:
- name: listaudits
method: GET
description: List audits
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: pageSize
in: query
type: string
- name: pageCursor
in: query
type: string
- name: changedSinceDate
in: query
type: string
description: Includes all audits that have changed since changedSinceDate.
- name: isActiveAudit
in: query
type: boolean
description: Includes only audits with no audit report uploaded
- name: audits-auditId-comments
path: /audits/{auditId}/comments
operations:
- name: listauditcomments
method: GET
description: List audit comments
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: auditId
in: path
type: string
required: true
- name: pageSize
in: query
type: string
- name: pageCursor
in: query
type: string
- name: changedSinceDate
in: query
type: string
description: Includes all comments that have changed since changedSinceDate.
- name: audits-auditId-controls
path: /audits/{auditId}/controls
operations:
- name: listauditcontrols
method: GET
description: List audit controls
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: auditId
in: path
type: string
required: true
- name: pageSize
in: query
type: string
- name: pageCursor
in: query
type: string
- name: audits-auditId-controls-custom-controls
path: /audits/{auditId}/controls/custom-controls
operations:
- name: createcustomcontrol
method: POST
description: Create a custom control for an audit
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: auditId
in: path
type: string
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: audits-auditId-evidence
path: /audits/{auditId}/evidence
operations:
- name: listauditevidence
method: GET
description: List audit evidence
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: auditId
in: path
type: string
required: true
- name: pageSize
in: query
type: string
- name: pageCursor
in: query
type: string
- name: changedSinceDate
in: query
type: string
description: Includes all audit evidence that have changed since changedSinceDate.
- name: audits-auditId-evidence-custom-evidence-requests
path: /audits/{auditId}/evidence/custom-evidence-requests
operations:
- name: createcustomevidencerequest
method: POST
description: Create a custom evidence request for an audit
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: auditId
in: path
type: string
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: audits-auditId-evidence-auditEvidenceId
path: /audits/{auditId}/evidence/{auditEvidenceId}
operations:
- name: updateauditevidence
method: PATCH
description: Update audit evidence
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: auditId
in: path
type: string
required: true
- name: auditEvidenceId
in: path
type: string
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: audits-auditId-evidence-auditEvidenceId-comments
path: /audits/{auditId}/evidence/{auditEvidenceId}/comments
operations:
- name: createcommentforauditevidence
method: POST
description: Create a comment for audit evidence
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: auditId
in: path
type: string
required: true
- name: auditEvidenceId
in: path
type: string
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: audits-auditId-evidence-auditEvidenceId-urls
path: /audits/{auditId}/evidence/{auditEvidenceId}/urls
operations:
- name: listauditevidenceurls
method: GET
description: List audit evidence url
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: auditId
in: path
type: string
required: true
- name: auditEvidenceId
in: path
type: string
required: true
- name: pageSize
in: query
type: string
- name: pageCursor
in: query
type: string
- name: audits-auditId-monitored-computers
path: /audits/{auditId}/monitored-computers
operations:
- name: listmonitoredcomputersinauditscope
method: GET
description: List monitored computers
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: auditId
in: path
type: string
required: true
- name: pageSize
in: query
type: string
- name: pageCursor
in: query
type: string
- name: complianceStatusFilterMatchesAny
in: query
type: array
description: Filters for monitored computers matching any status declared in the filter.
- name: audits-auditId-people
path: /audits/{auditId}/people
operations:
- name: listpeopleinauditscope
method: GET
description: List of people who are in scope for this audit
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: auditId
in: path
type: string
required: true
- name: pageSize
in: query
type: string
- name: pageCursor
in: query
type: string
- name: tasksSummaryStatusMatchesAny
in: query
type: array
description: Filter individuals by those whose tasksSummary status is any of the provided values.
- name: taskTypeMatchesAny
in: query
type: array
description: Requires taskStatusMatchesAny. Includes all people for whom any of the provided taskType values in
taskTypeMatchesAny
- name: taskStatusMatchesAny
in: query
type: array
description: Requires taskTypeMatchesAny. Includes all people for whom any of the provided taskType values in taskTypeMatchesAny
- name: audits-auditId-vendors
path: /audits/{auditId}/vendors
operations:
- name: listvendorsinauditscope
method: GET
description: List of vendors who are in scope for this audit
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: auditId
in: path
type: string
required: true
- name: pageSize
in: query
type: string
- name: pageCursor
in: query
type: string
- name: audits-auditId-vulnerabilities
path: /audits/{auditId}/vulnerabilities
operations:
- name: listvulnerabilities
method: GET
description: List vulnerabilities within the scope of a given audit
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: auditId
in: path
type: string
required: true
- name: query
in: query
type: string
description: Filter vulnerabilities by search query
- name: pageSize
in: query
type: string
- name: pageCursor
in: query
type: string
- name: isDeactivated
in: query
type: boolean
description: Filter vulnerabilities by deactivation status.
- name: externalVulnerabilityId
in: query
type: string
description: Filter vulnerabilities based on a specific external ID.
- name: isFixAvailable
in: query
type: boolean
description: Filter vulnerabilities that have an available fix.
- name: packageIdentifier
in: query
type: string
description: Filter vulnerabilities that are from a specific package.
- name: slaDeadlineAfterDate
in: query
type: string
description: Filter vulnerabilities with a fix due after a specific timestamp
- name: slaDeadlineBeforeDate
in: query
type: string
description: Filter vulnerabilities with a fix due before a specific timestamp
- name: severity
in: query
type: string
description: Filter vulnerabilities by severity.
- name: integrationId
in: query
type: string
description: Filter vulnerabilities by the vulnerability scanner that detected them.
- name: includeVulnerabilitiesWithoutSlas
in: query
type: boolean
description: Filter vulnerabilities without an SLA due date.
- name: vulnerableAssetId
in: query
type: string
description: Filter vulnerabilities by a specific asset ID.
- name: audits-auditId-vulnerability-remediations
path: /audits/{auditId}/vulnerability-remediations
operations:
- name: listvulnerabilityremediationsinauditscope
method: GET
description: List vulnerability remediations that are in scope for this audit
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: auditId
in: path
type: string
required: true
- name: pageSize
in: query
type: string
- name: pageCursor
in: query
type: string
- name: integrationId
in: query
type: string
description: Filter vulnerability remediations based on a specific scanner integration.
- name: severity
in: query
type: string
description: Filter vulnerability remediations by severity.
- name: isRemediatedOnTime
in: query
type: boolean
description: Filter vulnerability remediations by remediation status.
- name: remediatedAfterDate
in: query
type: string
description: Filter vulnerability remediations that occurred after a specific timestamp.
- name: remediatedBeforeDate
in: query
type: string
description: Filter vulnerability remediations that occurred before a specific timestamp.
- name: audits-auditId-vulnerable-assets
path: /audits/{auditId}/vulnerable-assets
operations:
- name: getvulnerableassets
method: GET
description: List assets associated with vulnerabilities
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: auditId
in: path
type: string
required: true
- name: query
in: query
type: string
description: Filter vulnerable assets by search query.
- name: pageSize
in: query
type: string
- name: pageCursor
in: query
type: string
- name: integrationId
in: query
type: string
description: Filter vulnerable assets by specific vulnerability scanner.
- name: assetType
in: query
type: string
description: Filter vulnerable assets by asset type.
- name: assetExternalAccountId
in: query
type: string
description: Filter vulnerable assets by...
authentication:
type: bearer
token: '{{env.VANTA_API_KEY}}'
exposes:
- type: rest
namespace: auditor-audits-rest
port: 8080
description: REST adapter for Conduct an audit — Audits. One Spectral-compliant resource per consumed operation, prefixed
with /v1.
resources:
- path: /v1/audits
name: audits
description: REST surface for audits.
operations:
- method: GET
name: listaudits
description: List audits
call: auditor-audits.listaudits
with:
pageSize: rest.pageSize
pageCursor: rest.pageCursor
changedSinceDate: rest.changedSinceDate
isActiveAudit: rest.isActiveAudit
outputParameters:
- type: object
mapping: $.
- path: /v1/audits/{auditid}/comments
name: audits-auditid-comments
description: REST surface for audits-auditId-comments.
operations:
- method: GET
name: listauditcomments
description: List audit comments
call: auditor-audits.listauditcomments
with:
auditId: rest.auditId
pageSize: rest.pageSize
pageCursor: rest.pageCursor
changedSinceDate: rest.changedSinceDate
outputParameters:
- type: object
mapping: $.
- path: /v1/audits/{auditid}/controls
name: audits-auditid-controls
description: REST surface for audits-auditId-controls.
operations:
- method: GET
name: listauditcontrols
description: List audit controls
call: auditor-audits.listauditcontrols
with:
auditId: rest.auditId
pageSize: rest.pageSize
pageCursor: rest.pageCursor
outputParameters:
- type: object
mapping: $.
- path: /v1/audits/{auditid}/controls/custom-controls
name: audits-auditid-controls-custom-controls
description: REST surface for audits-auditId-controls-custom-controls.
operations:
- method: POST
name: createcustomcontrol
description: Create a custom control for an audit
call: auditor-audits.createcustomcontrol
with:
auditId: rest.auditId
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/audits/{auditid}/evidence
name: audits-auditid-evidence
description: REST surface for audits-auditId-evidence.
operations:
- method: GET
name: listauditevidence
description: List audit evidence
call: auditor-audits.listauditevidence
with:
auditId: rest.auditId
pageSize: rest.pageSize
pageCursor: rest.pageCursor
changedSinceDate: rest.changedSinceDate
outputParameters:
- type: object
mapping: $.
- path: /v1/audits/{auditid}/evidence/custom-evidence-requests
name: audits-auditid-evidence-custom-evidence-requests
description: REST surface for audits-auditId-evidence-custom-evidence-requests.
operations:
- method: POST
name: createcustomevidencerequest
description: Create a custom evidence request for an audit
call: auditor-audits.createcustomevidencerequest
with:
auditId: rest.auditId
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/audits/{auditid}/evidence/{auditevidenceid}
name: audits-auditid-evidence-auditevidenceid
description: REST surface for audits-auditId-evidence-auditEvidenceId.
operations:
- method: PATCH
name: updateauditevidence
description: Update audit evidence
call: auditor-audits.updateauditevidence
with:
auditId: rest.auditId
auditEvidenceId: rest.auditEvidenceId
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/audits/{auditid}/evidence/{auditevidenceid}/comments
name: audits-auditid-evidence-auditevidenceid-comments
description: REST surface for audits-auditId-evidence-auditEvidenceId-comments.
operations:
- method: POST
name: createcommentforauditevidence
description: Create a comment for audit evidence
call: auditor-audits.createcommentforauditevidence
with:
auditId: rest.auditId
auditEvidenceId: rest.auditEvidenceId
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/audits/{auditid}/evidence/{auditevidenceid}/urls
name: audits-auditid-evidence-auditevidenceid-urls
description: REST surface for audits-auditId-evidence-auditEvidenceId-urls.
operations:
- method: GET
name: listauditevidenceurls
description: List audit evidence url
call: auditor-audits.listauditevidenceurls
with:
auditId: rest.auditId
auditEvidenceId: rest.auditEvidenceId
pageSize: rest.pageSize
pageCursor: rest.pageCursor
outputParameters:
- type: object
mapping: $.
- path: /v1/audits/{auditid}/monitored-computers
name: audits-auditid-monitored-computers
description: REST surface for audits-auditId-monitored-computers.
operations:
- method: GET
name: listmonitoredcomputersinauditscope
description: List monitored computers
call: auditor-audits.listmonitoredcomputersinauditscope
with:
auditId: rest.auditId
pageSize: rest.pageSize
pageCursor: rest.pageCursor
complianceStatusFilterMatchesAny: rest.complianceStatusFilterMatchesAny
outputParameters:
- type: object
mapping: $.
- path: /v1/audits/{auditid}/people
name: audits-auditid-people
description: REST surface for audits-auditId-people.
operations:
- method: GET
name: listpeopleinauditscope
description: List of people who are in scope for this audit
call: auditor-audits.listpeopleinauditscope
with:
auditId: rest.auditId
pageSize: rest.pageSize
pageCursor: rest.pageCursor
tasksSummaryStatusMatchesAny: rest.tasksSummaryStatusMatchesAny
taskTypeMatchesAny: rest.taskTypeMatchesAny
taskStatusMatchesAny: rest.taskStatusMatchesAny
outputParameters:
- type: object
mapping: $.
- path: /v1/audits/{auditid}/vendors
name: audits-auditid-vendors
description: REST surface for audits-auditId-vendors.
operations:
- method: GET
name: listvendorsinauditscope
description: List of vendors who are in scope for this audit
call: auditor-audits.listvendorsinauditscope
with:
auditId: rest.auditId
pageSize: rest.pageSize
pageCursor: rest.pageCursor
outputParameters:
- type: object
mapping: $.
- path: /v1/audits/{auditid}/vulnerabilities
name: audits-auditid-vulnerabilities
description: REST surface for audits-auditId-vulnerabilities.
operations:
- method: GET
name: listvulnerabilities
description: List vulnerabilities within the scope of a given audit
call: auditor-audits.listvulnerabilities
with:
auditId: rest.auditId
query: rest.query
pageSize: rest.pageSize
pageCursor: rest.pageCursor
isDeactivated: rest.isDeactivated
externalVulnerabilityId: rest.externalVulnerabilityId
isFixAvailable: rest.isFixAvailable
packageIdentifier: rest.packageIdentifier
slaDeadlineAfterDate: rest.slaDeadlineAfterDate
slaDeadlineBeforeDate: rest.slaDeadlineBeforeDate
severity: rest.severity
integrationId: rest.integrationId
includeVulnerabilitiesWithoutSlas: rest.includeVulnerabilitiesWithoutSlas
vulnerableAssetId: rest.vulnerableAssetId
outputParameters:
- type: object
mapping: $.
- path: /v1/audits/{auditid}/vulnerability-remediations
name: audits-auditid-vulnerability-remediations
description: REST surface for audits-auditId-vulnerability-remediations.
operations:
- method: GET
name: listvulnerabilityremediationsinauditscope
description: List vulnerability remediations that are in scope for this audit
call: auditor-audits.listvulnerabilityremediationsinauditscope
with:
auditId: rest.auditId
pageSize: rest.pageSize
pageCursor: rest.pageCursor
integrationId: rest.integrationId
severity: rest.severity
isRemediatedOnTime: rest.isRemediatedOnTime
remediatedAfterDate: rest.remediatedAfterDate
remediatedBeforeDate: rest.remediatedBeforeDate
outputParameters:
- type: object
mapping: $.
- path: /v1/audits/{auditid}/vulnerable-assets
name: audits-auditid-vulnerable-assets
description: REST surface for audits-auditId-vulnerable-assets.
operations:
- method: GET
name: getvulnerableassets
description: List assets associated with vulnerabilities
call: auditor-audits.getvulnerableassets
with:
auditId: rest.auditId
query: rest.query
pageSize: rest.pageSize
pageCursor: rest.pageCursor
integrationId: rest.integrationId
assetType: rest.assetType
assetExternalAccountId: rest.assetExternalAccountId
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: auditor-audits-mcp
port: 9090
transport: http
description: MCP adapter for Conduct an audit — Audits. One tool per consumed operation, routed inline through this capability's
consumes block.
tools:
- name: list-audits
description: List audits
hints:
readOnly: true
destructive: false
idempotent: true
call: auditor-audits.listaudits
with:
pageSize: tools.pageSize
pageCursor: tools.pageCursor
changedSinceDate: tools.changedSinceDate
isActiveAudit: tools.isActiveAudit
outputParameters:
- type: object
mapping: $.
- name: list-audit-comments
description: List audit comments
hints:
readOnly: true
destructive: false
idempotent: true
call: auditor-audits.listauditcomments
with:
auditId: tools.auditId
pageSize: tools.pageSize
pageCursor: tools.pageCursor
changedSinceDate: tools.changedSinceDate
outputParameters:
- type: object
mapping: $.
- name: list-audit-controls
description: List audit controls
hints:
readOnly: true
destructive: false
idempotent: true
call: auditor-audits.listauditcontrols
with:
auditId: tools.auditId
pageSize: tools.pageSize
pageCursor: tools.pageCursor
outputParameters:
- type: object
mapping: $.
- name: create-custom-control-audit
description: Create a custom control for an audit
hints:
readOnly: false
destructive: false
idempotent: false
call: auditor-audits.createcustomcontrol
with:
auditId: tools.auditId
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: list-audit-evidence
description: List audit evidence
hints:
readOnly: true
destructive: false
idempotent: true
call: auditor-audits.listauditevidence
with:
auditId: tools.auditId
pageSize: tools.pageSize
pageCursor: tools.pageCursor
changedSinceDate: tools.changedSinceDate
outputParameters:
- type: object
mapping: $.
- name: create-custom-evidence-request-audit
description: Create a custom evidence request for an audit
hints:
readOnly: false
destructive: false
idempotent: false
call: auditor-audits.createcustomevidencerequest
with:
auditId: tools.auditId
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: update-audit-evidence
description: Update audit evidence
hints:
readOnly: false
destructive: false
idempotent: true
call: auditor-audits.updateauditevidence
with:
auditId: tools.auditId
auditEvidenceId: tools.auditEvidenceId
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: create-comment-audit-evidence
description: Create a comment for audit evidence
hints:
readOnly: false
destructive: false
idempotent: false
call: auditor-audits.createcommentforauditevidence
with:
auditId: tools.auditId
auditEvidenceId: tools.auditEvidenceId
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: list-audit-evidence-url
description: List audit evidence url
hints:
readOnly: true
destructive: false
idempotent: true
call: auditor-audits.listauditevidenceurls
with:
auditId: tools.auditId
auditEvidenceId: tools.auditEvidenceId
pageSize: tools.pageSize
pageCursor: tools.pageCursor
outputParameters:
- type: object
mapping: $.
- name: list-monitored-computers
description: List monitored computers
hints:
readOnly: true
destructive: false
idempotent: true
call: auditor-audits.listmonitoredcomputersinauditscope
with:
auditId: tools.auditId
pageSize: tools.pageSize
pageCursor: tools.pageCursor
complianceStatusFilterMatchesAny: tools.complianceStatusFilterMatchesAny
outputParameters:
- type: object
mapping: $.
- name: list-people-who-are-scope
description: List of people who are in scope for this audit
hints:
readOnly: true
destructive: false
idempotent: true
call: auditor-audits.listpeopleinauditscope
with:
auditId: tools.auditId
pageSize: tools.pageSize
pageCursor: tools.pageCursor
tasksSummaryStatusMatchesAny: tools.tasksSummaryStatusMatchesAny
taskTypeMatchesAny: tools.taskTypeMatchesAny
taskStatusMatchesAny: tools.taskStatusMatchesAny
outputParameters:
- type: object
mapping: $.
- name: list-vendors-who-are-scope
description: List of vendors who are in scope for this audit
hints:
readOnly: true
destructive: false
idempotent: true
call: auditor-audits.listvendorsinauditscope
with:
auditId: tools.auditId
pageSize: tools.pageSize
pageCursor: tools.pageCursor
outputParameters:
- type: object
mapping: $.
- name: list-vulnerabilities-within-scope-given
description: List vulnerabilities within the scope of a given audit
hints:
readOnly: true
destructive: false
idempotent: true
call: auditor-audits.listvulnerabilities
with:
auditId: tools.auditId
query: tools.query
pageSize: tools.pageSize
pageCursor: tools.pageCursor
isDeactivated: tools.isDeactivated
externalVulnerabilityId: tools.externalVulnerabilityId
isFixAvailable: tools.isFixAvailable
packageIdentifier: tools.packageIdentifier
slaDeadlineAfterDate: tools.slaDeadlineAfterDate
slaDeadlineBeforeDate: tools.slaDeadlineBeforeDate
severity: tools.severity
integrationId: tools.integrationId
includeVulnerabilitiesWithoutSlas: tools.includeVulnerabilitiesWithoutSlas
vulnerableAssetId: tools.vulnerableAssetId
outputParameters:
- type: object
mapping: $.
- name: list-vulnerability-remediations-that-are
description: List vulnerability remediations that are in scope for this audit
hints:
readOnly: true
destructive: false
idempotent: true
call: auditor-audits.listvulnerabilityremediationsinauditscope
with:
auditId: tools.auditId
pageSize: tools.pageSize
pageCursor: tools.pageCursor
integrationId: tools.integrationId
severity: tools.severity
isRemediatedOnTime: tools.isRemediatedOnTime
remediatedAfterDate: tools.remediatedAfterDate
remediatedBeforeDate: tools.remediatedBeforeDate
outputParameters:
- type: object
mapping: $.
- name: list-assets-associated-vulnerabilities
description: List assets associated with vulnerabilities
hints:
readOnly: true
destructive: false
idempotent: true
call: auditor-audits.getvulnerableassets
with:
auditId: tools.auditId
query: tools.query
pageSize: tools.pageSize
pageCursor: tools.pageCursor
integrationId: tools.integrationId
assetType: tools.assetType
assetExternalAccountId: tools.assetExternalAccountId
outputParameters:
- type: object
mapping: $.