Compliance-control coverage rollups per framework

GET /api/v1/findings/stats/compliance

Map findings to compliance controls with per-control status rollups.

Findings-derived evidence only — not a compliance attestation. Findings without resolvable cwe_id / owasp_category appear in the explicit unmapped bucket.

  • Scope required: findings:read.
  • Reads are never flag-gated (release_compliance_mapping hides the App tab only).

Request

Responses

Successful Response