RiskItem
/api/v1/risk-items
A tracked risk with likelihood, impact, and mitigation.
Operations: list, get, create, update
Schema
| Field | Type | Notes |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | One of: frontend, backend, server, system, api. Where the write originated. Defaults to 'api'. |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| title | string | Short, descriptive title of the risk. |
| description | string | Detailed description of the risk, including the threat source, vulnerability exploited, and potential business impact. |
| category | string | Business category of the risk. Used to route risks to the appropriate risk owner team and generate category-specific risk dashboards. |
| likelihood | string | Qualitative likelihood rating representing the probability that this risk will materialize. Maps to numeric values 1–5 for risk score computation. |
| impact | string | Qualitative impact rating representing the magnitude of harm if this risk materializes. Maps to numeric values 1–5 for risk score computation. |
| risk_score | number | Computed risk score (likelihood × impact), where each dimension maps to 1–5. Range is 1 (lowest) to 25 (highest). Set by the platform whenever likelihood or imp |
| status | string | Current treatment status. 'mitigating' means active work is underway to reduce the risk. 'accepted' means the risk has been formally accepted by an authorized s |
| owner | uuid | UUID of the Person responsible for managing and reporting on this risk item. |
| linked_vulnerability_ids | json | UUIDs of Vulnerability records that contribute to or evidence this risk. |
| linked_control_ids | json | UUIDs of ComplianceControl records that mitigate or address this risk. |
| mitigation_plan | string | Documented plan for mitigating or treating this risk, including actions, timelines, and responsible parties. |
| due_date | date-time | Target date by which this risk should be mitigated, accepted, or closed. |
API
client.risk.*