Security Scorecard
The Security Scorecard connector allows for automated interactions with Security Scorecard's platform, enabling users to manage portfolios, analyze company scorecards, and generate security reports.

Security Scorecard offers a comprehensive platform for monitoring and managing enterprise security posture and third-party risk. By integrating with Swimlane Turbine, users can automate the process of adding companies to portfolios, generating detailed security reports, and retrieving company scores and issue counts. This connector streamlines the risk assessment process, enabling users to make informed security decisions quickly and efficiently. The integration enhances Swimlane's low-code automation capabilities, allowing users to leverage Security Scorecard's powerful analytics without manual intervention.

Limitations

None to date.

Supported Versions

This Security Scorecard connector uses the Version 1 API.

Additional Docs

https://securityscorecard.readme.io/reference/introduction
https://platform.securityscorecard.io/#/my-settings/api

Configuration Prerequisites

To effectively utilize the Security Scorecard connector with Swimlane Turbine, ensure you have the following:

API key authentication
- URL: the endpoint URL for Security Scorecard's API.
- API key: your unique identifier to authenticate with Security Scorecard's API.

Authentication Methods

API key authentication with the following parameters:
- URL: the base endpoint for Security Scorecard's API.
- API key: your unique identifier to authenticate with Security Scorecard's API.

Capabilities

This connector provides the following capabilities:
- Add company to portfolio
- Download a generated report
- Generate a company detailed report
- Generate a company issues report
- Generate a company summary report
- Get a company factor scores and issue counts
- Get a company information and scorecard summary
- Get all companies in a portfolio
- Get all portfolios
- Get factor scores for the industry
- Get score for the industry
- Remove company from portfolio

Add company to portfolio
Adds a specified company to a portfolio on Security Scorecard using the portfolio ID and domain as required parameters.
https://securityscorecard.readme.io/reference/put_portfolios-portfolio-id-companies-domain

Download a generated report
Retrieve a previously generated report from Security Scorecard using the specified file path.
https://securityscorecard.readme.io/reference/get_reports-files-file-path-1

Generate a company detailed report
Generates a comprehensive report for a company using its scorecard identifier in Security Scorecard.
https://securityscorecard.readme.io/reference/post_reports-detailed-1

Generate a company issues report
Generates a detailed report on company issues using Security Scorecard, requiring a scorecard identifier.
https://securityscorecard.readme.io/reference/post_reports-issues-1

Generate a company summary report
Generates a comprehensive summary report for a company using the scorecard identifier provided.
https://securityscorecard.readme.io/reference/post_reports-summary-1

Get a company factor scores and issue counts
Retrieve factor scores and issue counts for a specified company using its scorecard identifier in Security Scorecard.
https://securityscorecard.readme.io/reference/get_companies-scorecard-identifier-factors

Get a company information and scorecard summary
Retrieve a company's information and scorecard summary using the specified scorecard identifier.
https://securityscorecard.readme.io/reference/get_companies-scorecard-identifier

Get all companies in portfolio
Retrieve all companies within a specified portfolio on Security Scorecard using the portfolio ID.
https://securityscorecard.readme.io/reference/get_companies-scorecard-identifier

Get all portfolios
Fetches all accessible portfolios from Security Scorecard, providing a comprehensive overview.
https://securityscorecard.readme.io/reference/get_portfolios

Get factor scores for the industry
Retrieve Security Scorecard factor scores for a specified industry using the 'industry' path parameter.
https://securityscorecard.readme.io/reference/get_industries-industry-factors

Get score for the industry
Retrieve the security score for a specified industry using Security Scorecard, requiring an 'industry' path parameter.
https://securityscorecard.readme.io/reference/get_industries-industry-score

Remove company from portfolio
Removes a specified company from a portfolio on Security Scorecard using the portfolio ID and domain.
https://securityscorecard.readme.io/reference/delete_portfolios-portfolio-id-companies-domain

Configurations

Security Scorecard API Key Authentication

Authenticates using an API key.

Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| x apikey | API key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

Actions

Add company to portfolio

Adds a company to a specified portfolio in Security Scorecard using the portfolio ID and domain.

Endpoint URL: portfolios/{{portfolio_id}}/companies/{{domain}}
Method: PUT

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.portfolio_id | string | Required | A portfolio unique ID |
| path_parameters.domain | string | Required | A company's internet domain. This parameter accepts any valid internet domain |

Input example

{"path_parameters": {"portfolio_id": "3f401492-6a8d-5443-9448-4436ff619210", "domain": "swimlane.com"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| name | string | Name of the resource |
| domain | string | Output field domain |
| grade | string | Output field grade |
| grade_url | string | URL endpoint for the request |
| score | number | Score value |
| industry | string | Output field industry |
| size | string | Output field size |
| last30days_score_change | number | Output field last30days_score_change |

Output example (truncated in the source)

{"status_code": 200, "response_headers": {"Content-Type": "application/json; charset=utf-8", "Content-Length": "223", "Connection": "keep-alive", "Date": "Fri, 08 Nov 2024 15:02:26 GMT", "ETag": "W/\"df-w72g/oyevtoautrsji/rpunjotq\"", "Strict-Transport-Security": "max-age=31536000; includesubdomains", "X-Frame-Options": "deny", "X-XSS-Protection": "1; mode=block", "Vary": "origin, accept-encoding", "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset", "X-Cache": "miss from

Download a generated report

Retrieve a previously generated report from Security Scorecard by specifying the file path.

Endpoint URL: reports/files/{{file_path}}
Method: GET

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.lng | string | Optional | Language in which you want to download the generated report |
| path_parameters.file_path | string | Required | A path to the file |

Input example

{"parameters": {"lng": "en-US"}, "path_parameters": {"file_path": "u 1bebe650 38ff 5f7f 8589 7f2f84c095e3/9bf84240 e6b8 42c6 a9fd fdc8c60b7333/swimlane issues report 2024 11 09 json pdf"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Output field file |
| file.file | string | Output field file.file |
| file.file_name | string | Name of the resource |

Output example

{"file": {"file": "string", "file_name": "example_name"}}

Generate a company detailed report

Generates a comprehensive report for a company using its scorecard identifier in Security Scorecard.

Endpoint URL: reports/detailed
Method: POST

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| scorecard_identifier | string | Optional | Primary identifier of a company or scorecard |
| branding | string | Optional | Valid values: securityscorecard (default), reports display only SecurityScorecard's logo; company_and_securityscorecard, your company's logo is used in conjunction with SecurityScorecard's; company, reports display only your company's logo |
| score_type | string | Optional | Scoring version |

Input example

{"json_body": {"scorecard_identifier": "swimlane.com", "branding": "securityscorecard", "score_type": "scoring_v2"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| params | object | Output field params |
| params.domain | string | Output field params.domain |
| params.branding | string | Output field params.branding |
| params.score_type | string | Type of the resource |
| format | string | Output field format |
| title | string | Output field title |
| id | string | Unique identifier |
| report_type | string | Type of the resource |
| created_at | string | Output field created_at |
| is_new | boolean | Output field is_new |

Output example (truncated in the source)

{"status_code": 200, "response_headers": {"Content-Type": "application/json; charset=utf-8", "Content-Length": "268", "Connection": "keep-alive", "Date": "Sat, 09 Nov 2024 16:13:05 GMT", "ETag": "W/\"10c-7jeok4vw5dcwazmb0ftwt1nwefk\"", "Strict-Transport-Security": "max-age=31536000; includesubdomains", "X-Frame-Options": "deny", "X-XSS-Protection": "1; mode=block", "Vary": "origin, accept-encoding", "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset", "X-Cache": "miss fro

Generate a company issues report

Generates a detailed report on company issues from Security Scorecard using a unique scorecard identifier.

Endpoint URL: reports/issues
Method: POST

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| scorecard_identifier | string | Optional | Primary identifier of a company or scorecard |
| format | string | Optional | Output format |
| score_type | string | Optional | Type of the resource |

Input example

{"json_body": {"scorecard_identifier": "swimlane.com", "branding": "securityscorecard", "score_type": "scoring_v2"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| params | object | Output field params |
| params.domain | string | Output field params.domain |
| params.format | string | Output field params.format |
| params.branding | string | Output field params.branding |
| params.score_type | string | Type of the resource |
| format | string | Output field format |
| title | string | Output field title |
| id | string | Unique identifier |
| report_type | string | Type of the resource |
| created_at | string | Output field created_at |
| is_new | boolean | Output field is_new |

Output example (truncated in the source)

{"status_code": 200, "response_headers": {"Content-Type": "application/json; charset=utf-8", "Content-Length": "279", "Connection": "keep-alive", "Date": "Sat, 09 Nov 2024 16:25:07 GMT", "ETag": "W/\"117-kmktd/d5fglhehbyn6lu8aew6vk\"", "Strict-Transport-Security": "max-age=31536000; includesubdomains", "X-Frame-Options": "deny", "X-XSS-Protection": "1; mode=block", "Vary": "origin, accept-encoding", "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset", "X-Cache": "miss fro

Generate a company summary report

Generates a comprehensive summary report for a company in Security Scorecard using the provided scorecard identifier.

Endpoint URL: reports/summary
Method: POST

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| scorecard_identifier | string | Optional | Primary identifier of a company or scorecard |
| branding | string | Optional | Valid values: securityscorecard (default), reports display only SecurityScorecard's logo; company_and_securityscorecard, your company's logo is used in conjunction with SecurityScorecard's; company, reports display only your company's logo |
| score_type | string | Optional | Scoring version |

Input example

{"json_body": {"scorecard_identifier": "swimlane.com", "branding": "securityscorecard", "score_type": "scoring_v2"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| params | object | Output field params |
| params.domain | string | Output field params.domain |
| params.branding | string | Output field params.branding |
| params.score_type | string | Type of the resource |
| format | string | Output field format |
| title | string | Output field title |
| id | string | Unique identifier |
| report_type | string | Type of the resource |
| created_at | string | Output field created_at |
| is_new | boolean | Output field is_new |

Output example (truncated in the source)

{"status_code": 200, "response_headers": {"Content-Type": "application/json; charset=utf-8", "Content-Length": "261", "Connection": "keep-alive", "Date": "Sat, 09 Nov 2024 16:18:43 GMT", "ETag": "W/\"105-bwvgwk2jnsctdrwfvaf8ohxcwmo\"", "Strict-Transport-Security": "max-age=31536000; includesubdomains", "X-Frame-Options": "deny", "X-XSS-Protection": "1; mode=block", "Vary": "origin, accept-encoding", "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset", "X-Cache": "miss fro

Get a company factor scores and issue counts

Retrieve a company's factor scores and issue counts using its scorecard identifier in Security Scorecard.

Endpoint URL: companies/{{scorecard_identifier}}/factors
Method: GET

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.severity | string | Optional | Optionally filter issues by severity |
| parameters.severity_in | string | Optional | Optionally filter issues by comma-separated severity list |
| parameters.score_type | string | Optional | Scoring version |
| path_parameters.scorecard_identifier | string | Required | Primary identifier of a company or scorecard |

Input example

{"parameters": {"severity": "high", "severity_in": "high,medium", "score_type": "scoring_v2"}, "path_parameters": {"scorecard_identifier": "swimlane.com"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| entries | array | Output field entries |
| entries.name | string | Name of the resource |
| entries.score | number | Score value |
| entries.grade | string | Output field entries.grade |
| entries.grade_url | string | URL endpoint for the request |
| entries.issue_summary | array | Output field entries.issue_summary |
| entries.issue_summary.file_name | string | Name of the resource |
| entries.issue_summary.file | string | Output field entries.issue_summary.file |
| total | number | Output field total |

Output example (truncated in the source)

{"status_code": 200, "response_headers": {"Content-Type": "application/json; charset=utf-8", "Transfer-Encoding": "chunked", "Connection": "keep-alive", "Date": "Fri, 08 Nov 2024 15:19:04 GMT", "ETag": "W/\"973-1ovudb5pzq/gim/i21phacerr+k\"", "Content-Encoding": "gzip", "Strict-Transport-Security": "max-age=31536000; includesubdomains", "X-Frame-Options": "deny", "X-XSS-Protection": "1; mode=block", "Vary": "origin, accept-encoding", "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,rat

Get a company information and scorecard summary

Retrieve a company's profile and scorecard summary by using the provided scorecard identifier.

Endpoint URL: companies/{{scorecard_identifier}}
Method: GET

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.score_type | string | Optional | Scoring version |
| parameters.with_provisional_status | boolean | Optional | Return if score is provisional |
| path_parameters.scorecard_identifier | string | Required | Primary identifier of a company or scorecard in SecurityScorecard. To determine this value, the company must be added to a portfolio first |

Input example

{"parameters": {"score_type": "scoring_v2", "with_provisional_status": true}, "path_parameters": {"scorecard_identifier": "swimlane.com"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| name | string | Name of the resource |
| domain | string | Output field domain |
| grade | string | Output field grade |
| grade_url | string | URL endpoint for the request |
| score | number | Score value |
| industry | string | Output field industry |
| size | string | Output field size |
| uuid | string | Unique identifier |
| last30day_score_change | number | Output field last30day_score_change |
| is_custom | boolean | Output field is_custom |
| is_entity | boolean | Output field is_entity |
| is_un_published | boolean | Output field is_un_published |
| created_at | string | Output field created_at |
| disputed | boolean | Output field disputed |
| description | string | Output field description |
| provisional | boolean | Output field provisional |

Output example (truncated in the source)

{"status_code": 200, "response_headers": {"Content-Type": "application/json; charset=utf-8", "Content-Length": "385", "Connection": "keep-alive", "Date": "Sat, 09 Nov 2024 15:42:24 GMT", "ETag": "W/\"181-/hl10sn6bxxjgp2h11aol/yqwrc\"", "Strict-Transport-Security": "max-age=31536000; includesubdomains", "X-Frame-Options": "deny", "X-XSS-Protection": "1; mode=block", "Vary": "origin, accept-encoding", "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset", "X-Cache": "miss fro

Get all companies in a portfolio

Retrieve all companies in a given portfolio from Security Scorecard using the unique portfolio ID.

Endpoint URL: portfolios/{{portfolio_id}}/companies
Method: GET

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.grade | string | Optional | Company score grade filter |
| parameters.industry | string | Optional | Industry filter |
| parameters.vulnerability | string | Optional | CVE vulnerability filter |
| parameters.issue_type | string | Optional | Issue type filter |
| parameters.status | string | Optional | Company status |
| parameters.had_breach_within_last_days | number | Optional | Companies with breaches in last N days |
| parameters.score_type | string | Optional | Scoring version |
| path_parameters.portfolio_id | string | Required | A portfolio unique ID |

Input example

{"parameters": {"grade": "a", "industry": "retail", "vulnerability": "CVE-2016-0800", "issue_type": "service_vuln_host_medium", "status": "active", "had_breach_within_last_days": 15, "score_type": "scoring_v2"}, "path_parameters": {"portfolio_id": "d539810a-0e3d-55e0-aa98-68fbe02818d4"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| entries | array | Output field entries |
| entries.domain | string | Output field entries.domain |
| entries.uuid | string | Unique identifier |
| entries.name | string | Name of the resource |
| entries.score | number | Score value |
| entries.added_date | string | Date value |
| entries.grade | string | Output field entries.grade |
| entries.grade_url | string | URL endpoint for the request |
| entries.last30days_score_change | number | Output field entries.last30days_score_change |
| entries.industry | string | Output field entries.industry |
| entries.size | string | Output field entries.size |
| entries.products | array | Output field entries.products |
| entries.products_count | number | Count value |
| total | number | Output field total |

Output example (truncated in the source)

{"status_code": 200, "response_headers": {"Content-Type": "application/json; charset=utf-8", "Transfer-Encoding": "chunked", "Connection": "keep-alive", "Date": "Fri, 08 Nov 2024 14:12:56 GMT", "ETag": "W/\"86a7-3tl+dsryd+2ch6obi5ch+vbzjuq\"", "Content-Encoding": "gzip", "Strict-Transport-Security": "max-age=31536000; includesubdomains", "X-Frame-Options": "deny", "X-XSS-Protection": "1; mode=block", "Vary": "origin, accept-encoding", "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ra

Get all portfolios

Retrieves all portfolios accessible in Security Scorecard, offering a complete overview.

Endpoint URL: portfolios
Method: GET

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| entries | array | Output field entries |
| entries.id | string | Unique identifier |
| entries.name | string | Name of the resource |
| entries.privacy | string | Output field entries.privacy |
| entries.read_only | boolean | Output field entries.read_only |
| entries.created_at | string | Output field entries.created_at |
| entries.is_public | boolean | Output field entries.is_public |
| entries.owner_organization_id | string | Unique identifier |
| entries.owner_team_id | string | Unique identifier |
| entries.owner_user_id | string | Unique identifier |
| total | number | Output field total |

Output example (truncated in the source)

{"status_code": 200, "response_headers": {"Content-Type": "application/json; charset=utf-8", "Content-Length": "559", "Connection": "keep-alive", "Date": "Fri, 08 Nov 2024 13:21:57 GMT", "ETag": "W/\"bd63-7mng3cz4j8rsokrozobfvd6peok\"", "Strict-Transport-Security": "max-age=31536000; includesubdomains", "X-Frame-Options": "deny", "X-XSS-Protection": "1; mode=block", "Vary": "origin, accept-encoding", "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset", "X-Cache": "miss fr

Get factor scores for the industry

Retrieve factor scores from Security Scorecard for a given industry by specifying the 'industry' path parameter.

Endpoint URL: industries/{{industry}}/factors
Method: GET

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.score_type | string | Optional | Scoring version |
| path_parameters.industry | string | Required | Parameters for the Get factor scores for the industry action |

Input example

{"parameters": {"score_type": "scoring_v2"}, "path_parameters": {"industry": "technology"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| entries | array | Output field entries |
| entries.name | string | Name of the resource |
| entries.score | number | Score value |

Output example (truncated in the source)

{"status_code": 200, "response_headers": {"Content-Type": "application/json; charset=utf-8", "Content-Length": "399", "Connection": "keep-alive", "Date": "Sat, 09 Nov 2024 14:38:52 GMT", "ETag": "W/\"18f-qrepkaxszi85q2f+ejavduzkwfa\"", "Strict-Transport-Security": "max-age=31536000; includesubdomains", "X-Frame-Options": "deny", "X-XSS-Protection": "1; mode=block", "Vary": "origin, accept-encoding", "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset", "X-Cache": "miss fro

Get score for the industry

Retrieve a security score for a specified industry from Security Scorecard using the 'industry' path parameter.

Endpoint URL: industries/{{industry}}/score
Method: GET

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.score_type | string | Optional | Scoring version |
| path_parameters.industry | string | Required | Parameters for the Get score for the industry action |

Input example

{"parameters": {"score_type": "scoring_v2"}, "path_parameters": {"industry": "technology"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| industry | string | Output field industry |
| avg_score | number | Score value |
| avg_grade | string | Output field avg_grade |

Output example (truncated in the source)

{"status_code": 200, "response_headers": {"Content-Type": "application/json; charset=utf-8", "Content-Length": "56", "Connection": "keep-alive", "Date": "Sat, 09 Nov 2024 15:59:25 GMT", "ETag": "W/\"38-z6zpzfw2uxodazkh5+s5xlkxuc4\"", "Strict-Transport-Security": "max-age=31536000; includesubdomains", "X-Frame-Options": "deny", "X-XSS-Protection": "1; mode=block", "Vary": "origin, accept-encoding", "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset", "X-Cache": "miss from

Remove company from portfolio

Removes a company from a specified portfolio in Security Scorecard by using the unique portfolio ID and domain.

Endpoint URL: portfolios/{{portfolio_id}}/companies/{{domain}}
Method: DELETE

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.portfolio_id | string | Required | A portfolio unique ID |
| path_parameters.domain | string | Required | A company's internet domain. This parameter accepts any valid internet domain |

Input example

{"path_parameters": {"portfolio_id": "3f401492-6a8d-5443-9448-4436ff619210", "domain": "swimlane.com"}}

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example (truncated in the source)

{"status_code": 204, "response_headers": {"Connection": "keep-alive", "Date": "Fri, 08 Nov 2024 15:08:24 GMT", "Access-Control-Expose-Headers": "x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset", "Strict-Transport-Security": "max-age=31536000; includesubdomains", "X-Frame-Options": "deny", "X-XSS-Protection": "1; mode=block", "Vary": "origin", "X-Cache": "miss from cloudfront", "Via": "1.1 898e7abc0de61925c5e722b3d2dc3db4.cloudfront.net (cloudfront)", "X-Amz-Cf-Pop": "hyd57-p6", "X-Amz-Cf-Id": "vpi0uegi

Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Access-Control-Expose-Headers | HTTP response header Access-Control-Expose-Headers | x-csrf-token,ratelimit-limit,ratelimit-remaining,ratelimit-reset |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 385 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Fri, 08 Nov 2024 13:21:57 GMT |
| ETag | An identifier for a specific version of a resource | W/"18f-qrepkaxszi85q2f+ejavduzkwfa" |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000; includesubdomains |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| Vary | HTTP response header Vary | origin |
| Via | HTTP response header Via | 1.1 11ed573d0033b4307453558c63c89b86.cloudfront.net (cloudfront) |
| X-Amz-Cf-Id | HTTP response header X-Amz-Cf-Id | y6rqqihowumy9mxqphoqyow2hyoxt4zjgvgqiflykgciaeasm8lrga== |
| X-Amz-Cf-Pop | HTTP response header X-Amz-Cf-Pop | hyd57-p6 |
| X-Cache | HTTP response header X-Cache | miss from cloudfront |
| X-Frame-Options | HTTP response header X-Frame-Options | deny |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |
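
A downstream triage step for the "Get all companies in a portfolio" and "Get score for the industry" actions documented above, added here as an example; it is not Swimlane or SecurityScorecard code. The snake_case field names are assumed spellings of the output fields listed on this page, and the thresholds and sample data are constructed.

```python
"""Triage portfolio companies against grade, trend and industry baselines."""

GRADES = "ABCDF"  # SecurityScorecard letter grades, best to worst


def industry_baselines(score_outputs):
    """Map industry -> avg_score from "Get score for the industry" outputs."""
    baselines = {}
    for out in score_outputs:
        if out.get("status_code") == 200 and out.get("avg_score") is not None:
            baselines[str(out.get("industry", "")).lower()] = out["avg_score"]
    return baselines


def triage_portfolio(companies_output, baselines, min_grade="B", max_drop=5):
    """Flag entries from a "Get all companies in a portfolio" output.

    min_grade and max_drop are illustrative thresholds (assumptions).
    """
    status = companies_output.get("status_code")
    if status != 200:
        raise ValueError(f"unexpected status_code: {status}")
    entries = companies_output.get("entries") or []
    findings = []
    for entry in entries:
        reasons = []
        grade = str(entry.get("grade") or "").upper()
        if len(grade) != 1 or grade not in GRADES:
            reasons.append("grade missing or unrecognised")
        elif GRADES.index(grade) > GRADES.index(min_grade):
            reasons.append(f"grade {grade} is below {min_grade}")
        score = entry.get("score")
        baseline = baselines.get(str(entry.get("industry") or "").lower())
        if score is not None and baseline is not None and score < baseline:
            reasons.append(f"score {score} is under the industry average {baseline}")
        change = entry.get("last30days_score_change")
        if change is not None and change <= -max_drop:
            reasons.append(f"score fell {abs(change)} points in 30 days")
        if reasons:
            findings.append(
                {"domain": entry.get("domain"), "score": score, "reasons": reasons}
            )
    # Lowest scores first; entries without a score go last.
    findings.sort(key=lambda f: (f["score"] is None, f["score"] or 0))
    # "total" larger than the entries received means the listing is partial.
    complete = companies_output.get("total") == len(entries)
    return {"complete": complete, "findings": findings}


# Constructed sample outputs (not real scorecard data).
SAMPLE_COMPANIES = {
    "status_code": 200,
    "entries": [
        {"domain": "vendor-a.example", "grade": "A", "score": 95,
         "industry": "technology", "last30days_score_change": 1},
        {"domain": "vendor-b.example", "grade": "C", "score": 74,
         "industry": "technology", "last30days_score_change": -8},
        {"domain": "vendor-c.example", "grade": "B", "score": 84,
         "industry": "retail", "last30days_score_change": 0},
        {"domain": "vendor-d.example", "grade": None, "score": None,
         "industry": "retail"},
    ],
    "total": 5,
}
SAMPLE_INDUSTRY_SCORES = [
    {"status_code": 200, "industry": "technology", "avg_score": 88, "avg_grade": "B"},
    {"status_code": 200, "industry": "retail", "avg_score": 82, "avg_grade": "B"},
]

if __name__ == "__main__":
    result = triage_portfolio(
        SAMPLE_COMPANIES, industry_baselines(SAMPLE_INDUSTRY_SCORES)
    )
    print("complete listing:", result["complete"])
    for finding in result["findings"]:
        print(finding["domain"], "->", "; ".join(finding["reasons"]))
```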