Skip to main content
Search and filter inventory items with customizable query parameters.
External DocumentationTo learn more, visit the Orca Security documentation.

Basic Parameters

ParameterDescription
Filter ObjectA filter object to filter the results by.

The object can contain the following fields:
- key: [String] The key to filter by.
- values: [Array] The values to filter by.
- type: [String] The type of the filter.
- operator: [String] The REST operator to use for the filter.

For example:
{
  “key”: “Status”,
  “values”: [
    “open”,
    “in_progress”
  ],
  “type”: “str”,
  “operator”: “in”
}
It is recommended to use the API request builder in Orca UI in order to generate the filter object.
Group ByA comma-separated list of the fields to group all results by.

The first property is the primary group, the second is the secondary, and so on.
LimitThe maximum number of items to retrieve in the request.
OffsetThe index of the first item to retrieve.
Order ByA comma-separated list of the properties to sort the results by in hierarchical order.

The first property is the primary sort, the second is the secondary, and so on.

Prefix a property with - for descending order.
SelectThe fields to include in the response.

Advanced Parameters

ParameterDescription
Full Graph FetchSelect to retrieve complete data for all related entities.
Include TotalSelect to include the total amount of available items in the response.
Max TierThe maximum depth level for for related entities data retrieval. Valid input range between 1-5.

Example Output

{
	"status": "success",
	"data": [
		{
			"id": "e739eb76-3d1a-4022-b5d0-360b10d44685_orca-1202834",
			"type": "Alert",
			"data": {
				"AlertId": {
					"value": "orca-1202834"
				},
				"AlertSource": {
					"value": "Orca Scan"
				},
				"AlertType": {
					"value": "Default Branch Should Require Code Review By At Least Two Reviewers"
				},
				"AssetData": {
					"value": {
						"asset_name": "Armor-test/data-tool-485",
						"asset_type": "cisource",
						"asset_vpcs": [],
						"asset_state": "enabled",
						"account_name": "Armor-test/data-tool-485 (Project: Armor-test/data-tool-485)",
						"asset_regions": [],
						"asset_category": "CI Source",
						"cloud_provider": "shiftleft",
						"cloud_vendor_id": "983240b0-ef8d-41f8-ba20-13c653c98dab",
						"asset_tags_info_list": [
							"retest_tag|maybe",
							"another_type|true",
							"nhi_not_again|aur testing na hogi khatam",
							"custom_sync_hf|hf test",
							"code_type_custom|ahaaaa"
						],
						"custom_tags_info_list": [],
						"cluster_type": null,
						"vm_id": null,
						"asset_labels": null,
						"resource_group_name": null,
						"cluster_name": "Armor-test/data-tool-485"
					}
				},
				"Category": {
					"value": "Best practices"
				},
				"CommentsCount": {
					"value": 0
				},
				"CreatedAt": {
					"value": "2025-08-22T13:44:08+00:00"
				},
				"CveIds": {
					"value": []
				},
				"Description": {
					"value": "In order to comply with separation of duties principle and enforce secure code practices, a code review should be mandatory using the source-code-management built-in enforcement. This option is found in the branch protection setting of the repository."
				},
				"Details": {
					"value": "In order to comply with separation of duties principle and enforce secure code practices, a code review should be mandatory using the source-code-management built-in enforcement. This option is found in the branch protection setting of the repository."
				},
				"IsLive": {
					"value": true
				},
				"Labels": {
					"value": [
						"shiftleft:scm_posture",
						"source:shiftleft",
						"source: Orca Scan"
					]
				},
				"LastSeen": {
					"value": "2025-10-11T21:13:06+00:00"
				},
				"LastUpdated": {
					"value": "2025-08-22T13:44:08+00:00"
				},
				"Name": {
					"value": "orca-1202834"
				},
				"OrcaScore": {
					"value": 5
				},
				"Recommendation": {
					"value": "Note: The remediation steps apply to legacy branch protections, rules set-based protection should be updated from the rules set page\n1. Make sure you have admin permissions\n2. Go to the repo's settings page\n3. Enter 'Branches' tab\n4. Under 'Branch protection rules'\n5. Click 'Edit' on the default branch rule\n6. Check 'Require a pull request before merging'\n7. Check 'Require approvals'\n8. Set 'Required number of approvals before merging' to 2 or more\n9. Click 'Save changes'"
				},
				"RelatedCompliances": {
					"value": []
				},
				"RemediationCli": {
					"value": []
				},
				"RemediationConsole": {
					"value": []
				},
				"RiskFindings": {
					"value": {
						"key": "scm_posture_github_repository_code_review_by_two_members_not_required",
						"scm": "github",
						"data": null,
						"type": "scm_posture",
						"title": "Default Branch Should Require Code Review By At Least Two Reviewers",
						"entity": "repository",
						"source": "branch_protection_rules",
						"threat": [
							"Users can merge code without being reviewed, which can lead to insecure code reaching the main branch and production.",
							"Requiring code review by at least two reviewers further decreases the risk of an insider threat (as merging code requires compromising at least 2 identities with write permissions), and decreases the likelihood of human error in the review process."
						],
						"details": "In order to comply with separation of duties principle and enforce secure code practices, a code review should be mandatory using the source-code-management built-in enforcement. This option is found in the branch protection setting of the repository.",
						"category": "Best practices",
						"priority": "MEDIUM",
						"control_id": "github_repository_code_review_by_two_members_not_required",
						"recommendation": "Note: The remediation steps apply to legacy branch protections, rules set-based protection should be updated from the rules set page\n1. Make sure you have admin permissions\n2. Go to the repo's settings page\n3. Enter 'Branches' tab\n4. Under 'Branch protection rules'\n5. Click 'Edit' on the default branch rule\n6. Check 'Require a pull request before merging'\n7. Check 'Require approvals'\n8. Set 'Required number of approvals before merging' to 2 or more\n9. Click 'Save changes'"
					}
				},
				"RiskLevel": {
					"value": "medium"
				},
				"RiskLevelTime": {
					"value": "2025-08-22T13:44:08+00:00"
				},
				"RuleId": {
					"value": "r97dbe4b7f3"
				},
				"RuleSource": {
					"value": "Orca"
				},
				"RuleType": {
					"value": "shiftleft_github_repository_code_review_by_two_members_not_required"
				},
				"Score": {
					"value": 3
				},
				"ScoreVector": {
					"value": {
						"AlertBaseScore": {
							"score": 5,
							"Features": [
								{
									"score": 1,
									"value": "Medium",
									"weight": 2,
									"category": "Attack Impact",
									"display_name": "Base Priority",
									"effect_level": 2,
									"impact_level": 5,
									"feature_description": "The base priority serves as the initial baseline for the alert, which might be adjusted based on specific contextual factors."
								}
							],
							"display_name": "Alert Base Score"
						}
					}
				},
				"Severity": {
					"value": "hazardous"
				},
				"Source": {
					"value": "branch_protection_rules"
				},
				"Status": {
					"value": "open"
				},
				"StatusTime": {
					"value": "2025-08-22T13:44:08+00:00"
				},
				"Title": {
					"value": "Default Branch Should Require Code Review By At Least Two Reviewers"
				},
				"cluster_unique_id": {
					"value": "CodeRepository_983240b0-ef8d-41f8-ba20-13c653c98dab_e739eb76-7487-b100-a5e2-8eee47473258"
				},
				"GroupUniqueId": {
					"value": "CodeRepository_983240b0-ef8d-41f8-ba20-13c653c98dab_e739eb76-7487-b100-a5e2-8eee47473258"
				},
				"last_sync": {
					"value": "2025-10-11T21:20:13+00:00"
				}
			},
			"name": "orca-1202834",
			"group_unique_id": "CodeRepository_983240b0-ef8d-41f8-ba20-13c653c98dab_e739eb76-7487-b100-a5e2-8eee47473258",
			"cluster_unique_id": "CodeRepository_983240b0-ef8d-41f8-ba20-13c653c98dab_e739eb76-7487-b100-a5e2-8eee47473258",
			"last_seen": "2025-10-11T21:14:15+00:00"
		}
	]
}

Workflow Library Example

Search Assets with Orca Security and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop
I