Skip to Content
API ReferenceControls API

Controls API

Query and manage security controls, their framework mappings, and associated evidence.

Queries

List Controls

query {
  controls(
    filter: { framework: SOC2, evidenceStatus: STALE }
    first: 50
  ) {
    edges {
      node {
        id
        title
        description
        effectiveness
        owner { name }
        frameworks { name requirement }
        evidence {
          id
          type
          collectedAt
          isStale
        }
      }
    }
  }
}

Mutations

Upload Evidence

mutation {
  uploadEvidence(input: {
    controlId: "ctrl_abc123"
    type: SCREENSHOT
    description: "AWS Config rule showing encryption enabled"
    fileUrl: "https://..."
  }) {
    id
    collectedAt
  }
}

See the Compliance Mapping guide for how controls map across frameworks.

Last updated on
Risks APIVendors API