-
security_issues_all_get — get all open security issues across the org
-
components_list — get all components for cross-referencing
-
For each component with findings:
a. branches_list — find the default branch
b. security_findings_summary_get — severity breakdown
c. security_issues_open_get — detailed finding list
d. runs_list(limit=3) — check if recent scans ran successfully
-
Get org-level security reports:
a. organizations_suborg_report(s1) — components with scanner coverage
b. organizations_suborg_report(s2) — workflows with scanner coverage
c. organizations_suborg_report(s6) — scan types in automations
d. organizations_suborg_report(s8) — SLA status
NOTE: s4 and s5 may return "No Data Found" at the org level.
Use component-level tools instead if this happens.
-
Present a security dashboard:
Organization Security Posture
| Component | Critical | High | Medium | Low | Scanner | SLA Status |
|---|
| name | N | N | N | N | type | On track |
Scanner coverage: N of M components (X%)
Workflow coverage: N of M workflows (X%)
Scan types active: SAST / DAST / SCA / Container
-
For each finding, include: finding type, file path, line number, SLA due date
-
Rank findings by priority: Critical > High with approaching SLA > High > Medium > Low
-
Provide remediation recommendations