Reports Endpoint
Generate compliance reports programmatically — readiness assessments, gap analyses, executive summaries, and evidence collection reports.
Reports Overview
The Reports API allows you to generate and retrieve compliance reports. Reports compile data from your scans, controls, and evidence into structured documents suitable for auditors, management, and stakeholders. Generated reports are stored in S3 and accessible via presigned URLs.
- Base path: /api/reports
- Reports are generated asynchronously and stored securely
- Download via secure, time-limited URL in the response
- Available to all authenticated roles
POST /api/reports/generate
Generate a new compliance report for a specific framework. The request body includes the framework name and optionally a specific scan job ID. If no scan job is specified, the latest completed scan is used. The response includes the report URL, compliance score, and control counts.
- Body: { "framework": "SOC 2", "scan_job_id": "uuid (optional)" }
- Response: { "report_url": "https://...", "compliance_score": 78.5, "total_controls": 49, "passed_controls": 38, "failed_controls": 11 }
- Framework name must match an active framework (SOC 2, CMMC, ISO 27001, HIPAA, HITRUST, NIST CSF, PCI DSS)
- Reports are in JSON format by default
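A client-side sketch for this endpoint, added here as an example and not taken from ComplyWise's own code: it builds the request body from the framework list above, validates the documented response fields, and strips the query string from the presigned report URL before it is logged, since that query string is what grants access to the report. Assumptions: the sample host and query values are constructed, and the check that passed plus failed equals total is inferred from the sample response above.

```python
import json
import uuid
from urllib.parse import urlsplit, urlunsplit

# Framework names listed on this page for POST /api/reports/generate.
FRAMEWORKS = {"SOC 2", "CMMC", "ISO 27001", "HIPAA", "HITRUST", "NIST CSF", "PCI DSS"}


def build_generate_body(framework, scan_job_id=None):
    """Return the JSON body for POST /api/reports/generate, rejecting bad input early."""
    if framework not in FRAMEWORKS:
        raise ValueError(f"unknown framework: {framework!r}")
    body = {"framework": framework}
    if scan_job_id is not None:
        # uuid.UUID raises ValueError on anything that is not a UUID.
        body["scan_job_id"] = str(uuid.UUID(scan_job_id))
    return json.dumps(body)


def redact_url(url):
    """Drop query string and fragment so the URL's signature never reaches logs."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))


def check_generate_response(resp):
    """Validate the documented response fields; return a log-safe summary."""
    url = urlsplit(resp["report_url"])
    if url.scheme != "https" or not url.hostname:
        raise ValueError("report_url must be an https URL")
    total, passed, failed = (resp[k] for k in ("total_controls", "passed_controls", "failed_controls"))
    # Assumption: every control is either passed or failed, as in the page's sample.
    if min(total, passed, failed) < 0 or passed + failed != total:
        raise ValueError("control counts are inconsistent")
    if not 0 <= resp["compliance_score"] <= 100:
        raise ValueError("compliance_score out of range")
    return {"report": redact_url(resp["report_url"]), "score": resp["compliance_score"], "failed": failed}


# Constructed sample response: host, path and query values are made up.
SAMPLE = {
    "report_url": "https://reports.example.invalid/tenant-a/soc2.json?X-Amz-Signature=PLACEHOLDER&X-Amz-Expires=900",
    "compliance_score": 78.5, "total_controls": 49, "passed_controls": 38, "failed_controls": 11,
}

if __name__ == "__main__":
    print(build_generate_body("SOC 2"))
    print(check_generate_response(SAMPLE))
```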
Report Types
ComplyWise supports four report types, each providing a different perspective on your compliance posture. The report type is specified in the request body. Compliance Readiness shows current pass/fail status. Gap Analysis identifies unmet controls with remediation priorities. Executive Summary provides a high-level overview. Evidence Collection shows evidence completeness.
- compliance_summary — Current compliance posture with control-level detail
- gap_analysis — Unmet controls ranked by priority with remediation guidance
- executive_summary — High-level overview suitable for leadership reporting
- evidence_collection — Evidence completeness and gaps by control domain
Report Contents
Each report contains metadata (framework, generation date, tenant), a compliance score, and detailed sections. The control_status section lists every control with its pass/fail status. The evidence_references section links to evidence artifacts. The remediation_steps section provides actionable guidance for failing controls.
- metadata: framework, generated_at, organization
- compliance_score: percentage based on passed/total controls
- control_status: array of controls with individual status
- evidence_references: links to stored evidence artifacts
- remediation_steps: prioritized guidance for failing controls
GET /api/reports/frameworks
Get a readiness overview for all frameworks at once. Returns each framework with its name, version, total controls, and current compliance score. Useful for executive dashboards and cross-framework comparison.
- Response: { "frameworks": [ { "framework": "SOC 2", "version": "2024", "total_controls": 49, "score": 78.5 }, ... ] }
- Scores derived from latest scan results
- Available to all authenticated roles