All-frameworks compliance report across a project's assessments
GET /api/v1/projects/:project_id/findings/compliance-report
Build the single all-frameworks compliance report for a whole project.
This is the cross-assessment / date-range aggregation: every accessible finding attached to the project is mapped against OWASP Top 10 2021, CWE, SOC 2, ISO/IEC 27001:2022, and PCI-DSS v4.0 side by side, together with the executive severity distribution and the per-control remediation rollup.
- Scope required: findings:export.
- Org-scoped; per-assessment RBAC filters the rollup.
Request
Responses
- 200: Project findings mapped against OWASP Top 10 / CWE / SOC 2 / ISO 27001 / PCI-DSS side-by-side, aggregated across assessments.
- 400: Bad request — malformed input or failed validation.
- 401: Missing, expired, or invalid credentials.
- 403: Authenticated but not authorized for this resource. Note: cross-organization reads return 404, not 403.
- 404: Resource not found, or hidden for tenant-enumeration safety (the caller lacks permission to know whether the resource exists).
- 409: Conflict — the current resource state does not allow this operation (e.g. assessment already started, email already in use).
- 422: Semantic validation failure — request shape was valid but contents were not.
- 429: Too many requests — rate limited. Retry after the window resets.
- 500: Internal server error — unexpected failure.
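
An added sketch, not the project's own code, of how a server could produce the 401 / 404 / 403 outcomes described above and apply per-assessment RBAC to the rollup. The data model, the order of the checks and the severity_distribution field are assumptions; the page does not specify them.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample data; every name and record here is hypothetical.
PROJECTS = {"proj-1": "org-a", "proj-2": "org-b"}  # project_id -> owning org
FINDINGS = [  # (project_id, assessment_id, severity)
    ("proj-1", "asm-1", "high"),
    ("proj-1", "asm-1", "low"),
    ("proj-1", "asm-2", "critical"),
    ("proj-2", "asm-9", "high"),
]


@dataclass(frozen=True)
class Caller:
    org: str
    scopes: frozenset
    assessments: frozenset  # assessments this caller may read (per-assessment RBAC)


def compliance_report(caller, project_id):
    """Return (status, body) for a compliance-report request."""
    if caller is None:
        return 401, None  # missing, expired, or invalid credentials
    # Tenant check first (assumed order): a nonexistent project and another
    # org's project produce the same 404, so existence is never revealed.
    if PROJECTS.get(project_id) != caller.org:
        return 404, None
    # Same org, but the credential lacks the required scope.
    if "findings:export" not in caller.scopes:
        return 403, None
    # Per-assessment RBAC filters the rollup instead of failing the request:
    # findings from unreadable assessments are simply left out.
    visible = [sev for pid, asm, sev in FINDINGS
               if pid == project_id and asm in caller.assessments]
    # Hypothetical response field; the real schema is not shown on the page.
    return 200, {"severity_distribution": dict(Counter(visible))}
```

A caller in org-a with access only to asm-1 gets a 200 whose distribution omits the critical finding from asm-2, and gets the same 404 for proj-2 as for a project id that does not exist.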