All-frameworks compliance report for an assessment's findings
GET /api/v1/assessments/:assessment_id/findings/compliance-report
Build the single all-frameworks compliance report.
Maps the assessment's findings against OWASP Top 10 2021, CWE, SOC 2, ISO/IEC 27001:2022, and PCI-DSS v4.0 side-by-side in one report, never per-framework and never as a single selectable framework. Includes the executive severity distribution and per-control remediation rollup.
- Scope required: findings:export.
- Org-scoped + assessment-level RBAC, same as the findings list.
- JSON returns the structured report; CSV streams the per-control rollup as a Content-Disposition: attachment download.
Request
Responses
- 200: Findings mapped against OWASP Top 10 / CWE / SOC 2 / ISO 27001 / PCI-DSS side-by-side.
- 400: Bad request — malformed input or failed validation.
- 401: Missing, expired, or invalid credentials.
- 403: Authenticated but not authorized for this resource. Note: cross-organization reads return 404, not 403.
- 404: Resource not found, or hidden for tenant-enumeration safety (the caller lacks permission to know whether the resource exists).
- 409: Conflict — the current resource state does not allow this operation (e.g. assessment already started, email already in use).
- 422: Semantic validation failure — request shape was valid but contents were not.
- 429: Too many requests — rate limited. Retry after the window resets.
- 500: Internal server error — unexpected failure.
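The 401/403/404 rules above, sketched as an added example (not this API's own code): a cross-organization read and a nonexistent assessment must produce the same response, while a same-organization caller without an assessment-level grant gets 403. The Caller and Assessment models, authorize_report, the error bodies, the sample data, and the order of the checks are assumptions made for illustration; only the findings:export scope and the status-code semantics come from this page.

```python
from dataclasses import dataclass
from typing import Optional

REQUIRED_SCOPE = "findings:export"  # scope named on this page


@dataclass(frozen=True)
class Caller:  # hypothetical caller model
    org_id: str
    scopes: frozenset
    assessment_ids: frozenset  # grants from assessment-level RBAC


@dataclass(frozen=True)
class Assessment:  # hypothetical stored record
    id: str
    org_id: str


# Constructed sample data, not real identifiers.
ASSESSMENTS = {
    "a-100": Assessment("a-100", "org-red"),
    "a-200": Assessment("a-200", "org-blue"),
}

NOT_FOUND = (404, {"error": "not_found"})  # one shared body for every 404


def authorize_report(caller: Optional[Caller], assessment_id: str):
    """Return (status, body) for the access decision only."""
    if caller is None:
        return 401, {"error": "unauthenticated"}
    # The scope check never touches the resource, so it reveals nothing about it.
    if REQUIRED_SCOPE not in caller.scopes:
        return 403, {"error": "missing_scope"}
    assessment = ASSESSMENTS.get(assessment_id)
    # Missing and other-organization assessments take the same branch and
    # return the same value, so the caller cannot tell them apart.
    if assessment is None or assessment.org_id != caller.org_id:
        return NOT_FOUND
    # Same organization: existence is already knowable, so 403 leaks nothing.
    if assessment.id not in caller.assessment_ids:
        return 403, {"error": "forbidden"}
    return 200, {"assessment_id": assessment.id}
```

A regression test for this endpoint should compare the full cross-organization response (status, headers, body) against the response for an ID that does not exist, since any difference reintroduces the enumeration signal.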