# Security Scorecard
The Security Scorecard connector allows for automated interactions with Security Scorecard's platform, enabling users to manage portfolios, analyze company scorecards, and generate security reports.

Security Scorecard offers a comprehensive platform for monitoring and managing enterprise security posture and third-party risk. By integrating with Swimlane Turbine, users can automate the process of adding companies to portfolios, generating detailed security reports, and retrieving company scores and issue counts. This connector streamlines the risk assessment process, enabling users to make informed security decisions quickly and efficiently. The integration enhances Swimlane's low-code automation capabilities, allowing users to leverage Security Scorecard's powerful analytics without manual intervention.

## Limitations

None to date.

## Supported Versions

This Security Scorecard connector uses the version 1 API.

## Additional Docs

- API documentation: https://securityscorecard.readme.io/reference/introduction
- Authentication: https://platform.securityscorecard.io/#/my-settings/api

## Configuration Prerequisites

To effectively utilize the Security Scorecard connector with Swimlane Turbine, ensure you have the following:

- API key authentication:
  - URL: the endpoint URL for Security Scorecard's API
  - API key: your unique identifier to authenticate with Security Scorecard's API

## Authentication Methods

API key authentication with the following parameters:

- URL: the base endpoint for Security Scorecard's API
- API key: your unique identifier to authenticate with Security Scorecard's API

## Capabilities

This connector provides the following capabilities:

- Add company to portfolio
- Download a generated report
- Generate a company detailed report
- Generate a company issues report
- Generate a company summary report
- Get a company factor scores and issue counts
- Get a company information and scorecard summary
- Get all companies in a portfolio
- Get all portfolios
- Get factor scores for the industry
- Get score for the industry
- Remove company from portfolio

### Add company to portfolio

Adds a specified company to a portfolio on Security Scorecard using the portfolio ID and domain as required parameters.

Link: https://securityscorecard.readme.io/reference/put_portfolios-portfolio-id-companies-domain

### Download a generated report

Retrieve a previously generated report from Security Scorecard using the specified file path.

Link: https://securityscorecard.readme.io/reference/get_reports-files-file-path-1

### Generate a company detailed report

Generates a comprehensive report for a company using its scorecard identifier in Security Scorecard.

Link: https://securityscorecard.readme.io/reference/post_reports-detailed-1

### Generate a company issues report

Generates a detailed report on company issues using the Security Scorecard, requiring a scorecard identifier.

Link: https://securityscorecard.readme.io/reference/post_reports-issues-1

### Generate a company summary report

Generates a comprehensive summary report for a company using the scorecard identifier provided.

Link: https://securityscorecard.readme.io/reference/post_reports-summary-1

### Get a company factor scores and issue counts

Retrieve factor scores and issue counts for a specified company using its scorecard identifier in Security Scorecard.

Link: https://securityscorecard.readme.io/reference/get_companies-scorecard-identifier-factors

### Get a company information and scorecard summary

Retrieve a company's information and scorecard summary using the specified scorecard identifier.

Link: https://securityscorecard.readme.io/reference/get_companies-scorecard-identifier

### Get all companies in portfolio

Retrieve all companies within a specified portfolio on Security Scorecard using the portfolio ID.

Link: https://securityscorecard.readme.io/reference/get_companies-scorecard-identifier

### Get all portfolios

Fetches all accessible portfolios from Security Scorecard, providing a comprehensive overview.

Link: https://securityscorecard.readme.io/reference/get_portfolios

### Get factor scores for the industry

Retrieve Security Scorecard factor scores for a specified industry using the 'industry' path parameter.

Link: https://securityscorecard.readme.io/reference/get_industries-industry-factors

### Get score for the industry

Retrieve the security score for a specified industry using Security Scorecard, requiring an 'industry' path parameter.

Link: https://securityscorecard.readme.io/reference/get_industries-industry-score

### Remove company from portfolio

Removes a specified company from a portfolio on Security Scorecard using the portfolio ID and domain.

Link: https://securityscorecard.readme.io/reference/delete_portfolios-portfolio-id-companies-domain

## Configurations

### Security Scorecard API Key Authentication

Authenticates using an API key.

**Configuration parameters**

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| x apikey | API key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Add company to portfolio

Adds a company to a specified portfolio in Security Scorecard using the portfolio ID and domain.

- Endpoint URL: `portfolios/{{portfolio_id}}/companies/{{domain}}`
- Method: PUT

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| portfolio_id | string | Required | A portfolio unique ID |
| domain | string | Required | A company's internet domain. This parameter accepts any valid internet domain |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| name | string | Name of the resource |
| domain | string | Output field domain |
| grade | string | Output field grade |
| grade_url | string | URL endpoint for the request |
| score | number | Score value |
| industry | string | Output field industry |
| size | string | Output field size |
| last30days_score_change | number | Output field last30days_score_change |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": "223",
      "Connection": "keep-alive",
      "Date": "Fri, 08 Nov 2024 15:02:26 GMT",
      "ETag": "w/\"df w72g/oyevtoautrsji/rpunjotq\"",
      "Strict-Transport-Security": "max-age=31536000; includesubdomains",
      "X-Frame-Options": "deny",
      "X-XSS-Protection": "1; mode=block",
      "Vary": "origin, accept-encoding",
      "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset",
      "X-Cache": "miss from cloudfront",
      "Via": "1.1 2801ca565a70689b98fa2a04feee5e68.cloudfront.net (cloudfront)",
      "X-Amz-Cf-Pop": "hyd57-p6",
      "X-Amz-Cf-Id": "ej14 4yw1bpqap7krwqlpaz9q9 apd3rxq0pwdxq xkuhvtuhaxlia=="
    },
    "reason": "OK",
    "json_body": {
      "name": "swimlane",
      "domain": "swimlane.com",
      "grade": "A",
      "grade_url": "https://s3.amazonaws.com/ssc-static/grades/factor_a.svg",
      "score": 94,
      "industry": "information_services",
      "size": "size_201_to_500",
      "last30days_score_change": 0
    }
  }
]
```

### Download a generated report

Retrieve a previously generated report from Security Scorecard by specifying the file path.

- Endpoint URL: `reports/files/{{file_path}}`
- Method: GET

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| lng | string | Optional | Language in which you want to download the generated report |
| file_path | string | Required | A path to the file |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Output field file |
| file | string | Output field file |
| file_name | string | Name of the resource |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "file": {
      "file": "string",
      "file_name": "example name"
    }
  }
]
```

### Generate a company detailed report

Generates a comprehensive report for a company using its scorecard identifier in Security Scorecard.

- Endpoint URL: `reports/detailed`
- Method: POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| scorecard_identifier | string | Required | Primary identifier of a company or scorecard |
| branding | string | Optional | Branding has valid values, which are: `securityscorecard` (default): reports are only displaying SecurityScorecard's logo; `company_and_securityscorecard`: your company's logo will be used in conjunction with Security Scorecard's; `company`: reports are only displaying your company's logo |
| score_type | string | Optional | Scoring version |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| params | object | Output field params |
| domain | string | Output field domain |
| branding | string | Output field branding |
| score_type | string | Type of the resource |
| format | string | Output field format |
| title | string | Output field title |
| id | string | Unique identifier |
| report_type | string | Type of the resource |
| created_at | string | Output field created_at |
| is_new | boolean | Output field is_new |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": "268",
      "Connection": "keep-alive",
      "Date": "Sat, 09 Nov 2024 16:13:05 GMT",
      "ETag": "w/\"10c 7jeok4vw5dcwazmb0ftwt1nwefk\"",
      "Strict-Transport-Security": "max-age=31536000; includesubdomains",
      "X-Frame-Options": "deny",
      "X-XSS-Protection": "1; mode=block",
      "Vary": "origin, accept-encoding",
      "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset",
      "X-Cache": "miss from cloudfront",
      "Via": "1.1 6129a0fad6db5159e338f6841167215a.cloudfront.net (cloudfront)",
      "X-Amz-Cf-Pop": "hyd57-p6",
      "X-Amz-Cf-Id": "kqkplf imipy5za2fsqkqbompb1xea4ui1rry22xm4oidlytyw69nq=="
    },
    "reason": "OK",
    "json_body": {
      "params": {},
      "format": "pdf",
      "title": "swimlane detailed report",
      "id": "e4cc164c-a013-4cf4-9b5f-20ae07a546f1",
      "report_type": "detailed",
      "created_at": "2024-11-09T16:13:04.997Z",
      "is_new": true
    }
  }
]
```

### Generate a company issues report

Generates a detailed report on company issues from Security Scorecard using a unique scorecard identifier.

- Endpoint URL: `reports/issues`
- Method: POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| scorecard_identifier | string | Required | Primary identifier of a company or scorecard |
| format | string | Optional | Output format |
| score_type | string | Optional | Type of the resource |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| params | object | Output field params |
| domain | string | Output field domain |
| format | string | Output field format |
| branding | string | Output field branding |
| score_type | string | Type of the resource |
| format | string | Output field format |
| title | string | Output field title |
| id | string | Unique identifier |
| report_type | string | Type of the resource |
| created_at | string | Output field created_at |
| is_new | boolean | Output field is_new |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": "279",
      "Connection": "keep-alive",
      "Date": "Sat, 09 Nov 2024 16:25:07 GMT",
      "ETag": "w/\"117 kmktd/d5fglhehbyn6lu8aew6vk\"",
      "Strict-Transport-Security": "max-age=31536000; includesubdomains",
      "X-Frame-Options": "deny",
      "X-XSS-Protection": "1; mode=block",
      "Vary": "origin, accept-encoding",
      "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset",
      "X-Cache": "miss from cloudfront",
      "Via": "1.1 7f231e342f1b883cae16293f3857b1ea.cloudfront.net (cloudfront)",
      "X-Amz-Cf-Pop": "hyd57-p6",
      "X-Amz-Cf-Id": "3ojt5ckcpjvzwbnbd ped78jqule fizszdbrnevauw0qgoljlc1bq=="
    },
    "reason": "OK",
    "json_body": {
      "params": {},
      "format": "pdf",
      "title": "swimlane issues report",
      "id": "9bf84240-e6b8-42c6-a9fd-fdc8c60b7333",
      "report_type": "issues",
      "created_at": "2024-11-09T16:25:07.372Z",
      "is_new": true
    }
  }
]
```

### Generate a company summary report

Generates a comprehensive summary report for a company in Security Scorecard using the provided scorecard identifier.

- Endpoint URL: `reports/summary`
- Method: POST

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| scorecard_identifier | string | Required | Primary identifier of a company or scorecard |
| branding | string | Optional | Branding has valid values, which are: `securityscorecard` (default): reports are only displaying SecurityScorecard's logo; `company_and_securityscorecard`: your company's logo will be used in conjunction with Security Scorecard's; `company`: reports are only displaying your company's logo |
| score_type | string | Optional | Scoring version |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| params | object | Output field params |
| domain | string | Output field domain |
| branding | string | Output field branding |
| score_type | string | Type of the resource |
| format | string | Output field format |
| title | string | Output field title |
| id | string | Unique identifier |
| report_type | string | Type of the resource |
| created_at | string | Output field created_at |
| is_new | boolean | Output field is_new |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": "261",
      "Connection": "keep-alive",
      "Date": "Sat, 09 Nov 2024 16:18:43 GMT",
      "ETag": "w/\"105 bwvgwk2jnsctdrwfvaf8ohxcwmo\"",
      "Strict-Transport-Security": "max-age=31536000; includesubdomains",
      "X-Frame-Options": "deny",
      "X-XSS-Protection": "1; mode=block",
      "Vary": "origin, accept-encoding",
      "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset",
      "X-Cache": "miss from cloudfront",
      "Via": "1.1 898e7abc0de61925c5e722b3d2dc3db4.cloudfront.net (cloudfront)",
      "X-Amz-Cf-Pop": "hyd57-p6",
      "X-Amz-Cf-Id": "z08nstwosz5bztv4zwfl iq0hlemierecvniqvzvlppqjzzxduyj0q=="
    },
    "reason": "OK",
    "json_body": {
      "params": {},
      "format": "pdf",
      "title": "swimlane scorecard",
      "id": "255413da-2da0-41a2-8190-33c1a49ef46a",
      "report_type": "summary",
      "created_at": "2024-11-09T16:18:43.502Z",
      "is_new": true
    }
  }
]
```

### Get a company factor scores and issue counts

Retrieve a company's factor scores and issue counts using its scorecard identifier in Security Scorecard.

- Endpoint URL: `companies/{{scorecard_identifier}}/factors`
- Method: GET

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| severity | string | Optional | Optionally filter issues by severity |
| severity_in | string | Optional | Optionally filter issues by comma-separated severity list |
| score_type | string | Optional | Scoring version |
| scorecard_identifier | string | Required | Primary identifier of a company or scorecard |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| entries | array | Output field entries |
| name | string | Name of the resource |
| score | number | Score value |
| grade | string | Output field grade |
| grade_url | string | URL endpoint for the request |
| issue_summary | array | Output field issue_summary |
| file_name | string | Name of the resource |
| file | string | Output field file |
| total | number | Output field total |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json; charset=utf-8",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Date": "Fri, 08 Nov 2024 15:19:04 GMT",
      "ETag": "w/\"973 1ovudb5pzq/gim/i21phacerr+k\"",
      "Content-Encoding": "gzip",
      "Strict-Transport-Security": "max-age=31536000; includesubdomains",
      "X-Frame-Options": "deny",
      "X-XSS-Protection": "1; mode=block",
      "Vary": "origin, accept-encoding",
      "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset",
      "X-Cache": "miss from cloudfront",
      "Via": "1.1 84979832156646107bdbe881854d9eee.cloudfront.net (cloudfront)",
      "X-Amz-Cf-Pop": "hyd57-p6",
      "X-Amz-Cf-Id": "6nii88wie4ui5rdrzww7h9kofkuitkixylnjlmu1zoe9t wriu88lq=="
    },
    "reason": "OK",
    "json_body": {
      "entries": [],
      "total": 10
    }
  }
]
```

### Get a company information and scorecard summary

Retrieve a company's profile and scorecard summary by using the provided scorecard identifier.

- Endpoint URL: `companies/{{scorecard_identifier}}`
- Method: GET

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| score_type | string | Optional | Scoring version |
| with_provisional_status | boolean | Optional | Return if score is provisional |
| scorecard_identifier | string | Required | Primary identifier of a company or scorecard in SecurityScorecard. To determine this value, company must be added to a portfolio first |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| name | string | Name of the resource |
| domain | string | Output field domain |
| grade | string | Output field grade |
| grade_url | string | URL endpoint for the request |
| score | number | Score value |
| industry | string | Output field industry |
| size | string | Output field size |
| uuid | string | Unique identifier |
| last30day_score_change | number | Output field last30day_score_change |
| is_custom | boolean | Output field is_custom |
| is_entity | boolean | Output field is_entity |
| is_un_published | boolean | Output field is_un_published |
| created_at | string | Output field created_at |
| disputed | boolean | Output field disputed |
| description | string | Output field description |
| provisional | boolean | Output field provisional |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": "385",
      "Connection": "keep-alive",
      "Date": "Sat, 09 Nov 2024 15:42:24 GMT",
      "ETag": "w/\"181 /hl10sn6bxxjgp2h11aol/yqwrc\"",
      "Strict-Transport-Security": "max-age=31536000; includesubdomains",
      "X-Frame-Options": "deny",
      "X-XSS-Protection": "1; mode=block",
      "Vary": "origin, accept-encoding",
      "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset",
      "X-Cache": "miss from cloudfront",
      "Via": "1.1 78f024e5ffe2b95f2af89b3c657bbf64.cloudfront.net (cloudfront)",
      "X-Amz-Cf-Pop": "hyd57-p6",
      "X-Amz-Cf-Id": "4notskovmihb rnsb01dmlk4mefzzr2abihkr61piqenb6kedviokg=="
    },
    "reason": "OK",
    "json_body": {
      "name": "swimlane",
      "domain": "swimlane.com",
      "grade": "A",
      "grade_url": "https://s3.amazonaws.com/ssc-static/grades/factor_a.svg",
      "score": 96,
      "industry": "information_services",
      "size": "size_201_to_500",
      "uuid": "",
      "last30day_score_change": 0,
      "is_custom": false,
      "is_entity": false,
      "is_un_published": true,
      "created_at": "2020-04-24T16:32:30.319Z",
      "disputed": false,
      "description": ""
    }
  }
]
```

### Get all companies in a portfolio

Retrieve all companies in a given portfolio from Security Scorecard using the unique portfolio ID.

- Endpoint URL: `portfolios/{{portfolio_id}}/companies`
- Method: GET

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| grade | string | Optional | Company score grade filter |
| industry | string | Optional | Industry filter |
| vulnerability | string | Optional | CVE vulnerability filter |
| issue_type | string | Optional | Issue type filter |
| status | string | Optional | Company status |
| had_breach_within_last_days | number | Optional | Companies with breaches in last N days |
| score_type | string | Optional | Scoring version |
| portfolio_id | string | Required | A portfolio unique ID |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| entries | array | Output field entries |
| domain | string | Output field domain |
| uuid | string | Unique identifier |
| name | string | Name of the resource |
| score | number | Score value |
| added_date | string | Date value |
| grade | string | Output field grade |
| grade_url | string | URL endpoint for the request |
| last30days_score_change | number | Output field last30days_score_change |
| industry | string | Output field industry |
| size | string | Output field size |
| products | array | Output field products |
| products_count | number | Count value |
| total | number | Output field total |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json; charset=utf-8",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Date": "Fri, 08 Nov 2024 14:12:56 GMT",
      "ETag": "w/\"86a7 3tl+dsryd+2ch6obi5ch+vbzjuq\"",
      "Content-Encoding": "gzip",
      "Strict-Transport-Security": "max-age=31536000; includesubdomains",
      "X-Frame-Options": "deny",
      "X-XSS-Protection": "1; mode=block",
      "Vary": "origin, accept-encoding",
      "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset",
      "X-Cache": "miss from cloudfront",
      "Via": "1.1 6129a0fad6db5159e338f6841167215a.cloudfront.net (cloudfront)",
      "X-Amz-Cf-Pop": "hyd57-p6",
      "X-Amz-Cf-Id": "mt8ogqwsy umovhx kbutzxzulz5vq7auwnzvuxmeksymxkxqqgqwg=="
    },
    "reason": "OK",
    "json_body": {
      "entries": [],
      "total": 2
    }
  }
]
```

### Get all portfolios

Retrieves all portfolios accessible in Security Scorecard, offering a complete overview.

- Endpoint URL: `portfolios`
- Method: GET

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| entries | array | Output field entries |
| id | string | Unique identifier |
| name | string | Name of the resource |
| privacy | string | Output field privacy |
| read_only | boolean | Output field read_only |
| created_at | string | Output field created_at |
| is_public | boolean | Output field is_public |
| owner_organization_id | string | Unique identifier |
| owner_team_id | string | Unique identifier |
| owner_user_id | string | Unique identifier |
| total | number | Output field total |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": "559",
      "Connection": "keep-alive",
      "Date": "Fri, 08 Nov 2024 13:21:57 GMT",
      "ETag": "w/\"bd63 7mng3cz4j8rsokrozobfvd6peok\"",
      "Strict-Transport-Security": "max-age=31536000; includesubdomains",
      "X-Frame-Options": "deny",
      "X-XSS-Protection": "1; mode=block",
      "Vary": "origin, accept-encoding",
      "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset",
      "X-Cache": "miss from cloudfront",
      "Via": "1.1 7f231e342f1b883cae16293f3857b1ea.cloudfront.net (cloudfront)",
      "X-Amz-Cf-Pop": "hyd57-p6",
      "X-Amz-Cf-Id": "y6rqqihowumy9mxqphoqyow2hyoxt4zjgvgqiflykgciaeasm8lrga=="
    },
    "reason": "OK",
    "json_body": {
      "entries": [],
      "total": 2
    }
  }
]
```

### Get factor scores for the industry

Retrieve factor scores from Security Scorecard for a given industry by specifying the 'industry' path parameter.

- Endpoint URL: `industries/{{industry}}/factors`
- Method: GET

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| score_type | string | Optional | Scoring version |
| industry | string | Required | Parameter for get factor scores for the industry |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| entries | array | Output field entries |
| name | string | Name of the resource |
| score | number | Score value |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": "399",
      "Connection": "keep-alive",
      "Date": "Sat, 09 Nov 2024 14:38:52 GMT",
      "ETag": "w/\"18f qrepkaxszi85q2f+ejavduzkwfa\"",
      "Strict-Transport-Security": "max-age=31536000; includesubdomains",
      "X-Frame-Options": "deny",
      "X-XSS-Protection": "1; mode=block",
      "Vary": "origin, accept-encoding",
      "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset",
      "X-Cache": "miss from cloudfront",
      "Via": "1.1 11ed573d0033b4307453558c63c89b86.cloudfront.net (cloudfront)",
      "X-Amz-Cf-Pop": "hyd57-p6",
      "X-Amz-Cf-Id": "9bvqquija9zj8ugtgctwecgmkxefpxeosnmxwx0kxf gs9kcs3zt6q=="
    },
    "reason": "OK",
    "json_body": {
      "entries": []
    }
  }
]
```

### Get score for the industry

Retrieve a security score for a specified industry from Security Scorecard using the 'industry' path parameter.

- Endpoint URL: `industries/{{industry}}/score`
- Method: GET

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| score_type | string | Optional | Scoring version |
| industry | string | Required | Parameter for get score for the industry |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| industry | string | Output field industry |
| avg_score | number | Score value |
| avg_grade | string | Output field avg_grade |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json; charset=utf-8",
      "Content-Length": "56",
      "Connection": "keep-alive",
      "Date": "Sat, 09 Nov 2024 15:59:25 GMT",
      "ETag": "w/\"38 z6zpzfw2uxodazkh5+s5xlkxuc4\"",
      "Strict-Transport-Security": "max-age=31536000; includesubdomains",
      "X-Frame-Options": "deny",
      "X-XSS-Protection": "1; mode=block",
      "Vary": "origin, accept-encoding",
      "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset",
      "X-Cache": "miss from cloudfront",
      "Via": "1.1 898e7abc0de61925c5e722b3d2dc3db4.cloudfront.net (cloudfront)",
      "X-Amz-Cf-Pop": "hyd57-p6",
      "X-Amz-Cf-Id": "xmp2u2zy1yysf3j4e6kn0d edyjsvboebrfxiek0d8awe8qzkcq6sw=="
    },
    "reason": "OK",
    "json_body": {
      "industry": "technology",
      "avg_score": 85,
      "avg_grade": "B"
    }
  }
]
```

### Remove company from portfolio

Removes a company from a specified portfolio in Security Scorecard by using the unique portfolio ID and domain.

- Endpoint URL: `portfolios/{{portfolio_id}}/companies/{{domain}}`
- Method: DELETE

**Input argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| portfolio_id | string | Required | A portfolio unique ID |
| domain | string | Required | A company's internet domain. This parameter accepts any valid internet domain |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

**Example**

```json
[
  {
    "status_code": 204,
    "response_headers": {
      "Connection": "keep-alive",
      "Date": "Fri, 08 Nov 2024 15:08:24 GMT",
      "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset",
      "Strict-Transport-Security": "max-age=31536000; includesubdomains",
      "X-Frame-Options": "deny",
      "X-XSS-Protection": "1; mode=block",
      "Vary": "origin",
      "X-Cache": "miss from cloudfront",
      "Via": "1.1 898e7abc0de61925c5e722b3d2dc3db4.cloudfront.net (cloudfront)",
      "X-Amz-Cf-Pop": "hyd57-p6",
      "X-Amz-Cf-Id": "vpi0uegiaju75uqbpi0hwrwdd0qdgwgvkahjclozsuwbqvxv8sbmpa=="
    },
    "reason": "No Content",
    "response_text": ""
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Access-Control-Expose-Headers | HTTP response header Access-Control-Expose-Headers | x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 268 |
| Content-Type | The media type of the resource | application/json; charset=utf-8 |
| Date | The date and time at which the message was originated | Fri, 08 Nov 2024 15:02:26 GMT |
| ETag | An identifier for a specific version of a resource | w/"117 kmktd/d5fglhehbyn6lu8aew6vk" |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000; includesubdomains |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | origin |
| Via | HTTP response header Via | 1.1 84979832156646107bdbe881854d9eee.cloudfront.net (cloudfront) |
| X-Amz-Cf-Id | HTTP response header X-Amz-Cf-Id | 4notskovmihb rnsb01dmlk4mefzzr2abihkr61piqenb6kedviokg== |
| X-Amz-Cf-Pop | HTTP response header X-Amz-Cf-Pop | hyd57-p6 |
| X-Cache | HTTP response header X-Cache | miss from cloudfront |
| X-Frame-Options | HTTP response header X-Frame-Options | deny |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |
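
The following is an added example, not part of the connector or its documentation: a triage step that a playbook could run over the output of the "Get all companies in a portfolio" action to pick out vendors that need review. It assumes the output fields listed above in their underscore-separated form (`status_code`, `json_body`, `entries`, `total`, `grade`, `last30days_score_change`) and an A/B/C/D/F letter scale; the function name, thresholds and sample entries are constructed for illustration.

```python
"""Triage the output of the 'Get all companies in a portfolio' action."""

# Assumed letter scale, best to worst.
GRADES = ["A", "B", "C", "D", "F"]


def triage_portfolio(action_output, min_grade="B", max_30d_drop=5):
    """Return a list of findings: companies graded below min_grade, companies
    whose score fell by max_30d_drop points or more in 30 days, and responses
    whose entry count does not match the reported total."""
    findings = []
    for result in action_output:
        # Fail closed: an error response must not read as "no risky vendors".
        if result.get("status_code") != 200:
            raise ValueError(
                f"unexpected status {result.get('status_code')}: "
                f"{result.get('reason')}"
            )
        body = result.get("json_body") or {}
        entries = body.get("entries") or []
        total = body.get("total")
        # A partial listing would silently hide vendors from the review.
        if total is not None and total != len(entries):
            findings.append({
                "domain": None,
                "score": None,
                "reasons": [f"entries/total mismatch: {len(entries)} of {total}"],
            })
        for company in entries:
            reasons = []
            grade = str(company.get("grade", "")).upper()
            if grade not in GRADES:
                reasons.append(f"unknown grade {grade!r}")
            elif GRADES.index(grade) > GRADES.index(min_grade):
                reasons.append(f"grade {grade} is below {min_grade}")
            change = company.get("last30days_score_change")
            if isinstance(change, (int, float)) and change <= -max_30d_drop:
                reasons.append(f"score fell {abs(change)} points in 30 days")
            if reasons:
                findings.append({
                    "domain": company.get("domain"),
                    "score": company.get("score"),
                    "reasons": reasons,
                })
    return findings


# Constructed sample in the shape of the action's example output.
SAMPLE_OUTPUT = [{
    "status_code": 200,
    "reason": "OK",
    "json_body": {
        "entries": [
            {"domain": "vendor-a.example", "grade": "A", "score": 94,
             "last30days_score_change": 0},
            {"domain": "vendor-b.example", "grade": "C", "score": 72,
             "last30days_score_change": -2},
            {"domain": "vendor-c.example", "grade": "B", "score": 81,
             "last30days_score_change": -7},
        ],
        "total": 3,
    },
}]

if __name__ == "__main__":
    for finding in triage_portfolio(SAMPLE_OUTPUT):
        print(finding["domain"], finding["score"], "; ".join(finding["reasons"]))
```
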