ARMO Network and Runtime Policies API

Generate and manage hardening policies from observed runtime behavior. Retrieve and generate Kubernetes network policies, generate and list seccomp profiles, and create runtime policies and their exceptions.

OpenAPI Specification

armosec-openapi.yml Raw ↑
openapi: 3.0.3
info:
  title: ARMO Platform API
  description: >-
    The ARMO Platform API exposes ARMO's cloud-native and Kubernetes security
    data over REST. ARMO is the company behind the open-source Kubescape project;
    ARMO Platform is a runtime-driven CNAPP covering Kubernetes Security Posture
    Management (KSPM), vulnerability and image scanning, compliance frameworks,
    network and seccomp policy generation, security-risk correlation, attack
    chains, and runtime Cloud Application Detection and Response (CADR).

    Authentication uses an account access key (Agent Access Key) generated in the
    ARMO Platform under Settings, sent in the `X-API-KEY` request header. Requests
    are made against the regional base URL - `https://api.armosec.io/api/v1` for
    the EU region or `https://api.us.armosec.io/api/v1` for the US region.

    This description is honestly modeled from ARMO's public API reference and
    OpenAPI/Swagger documentation. Paths and methods reflect the documented
    reference; request and response schemas are simplified and returned data
    requires a connected ARMO account with reporting clusters. Verify exact
    payloads against the live Swagger UI at
    https://api.armosec.io/openapi/v2/swaggerui.
  version: '1.0'
  contact:
    name: ARMO
    url: https://www.armosec.io
  license:
    name: ARMO Platform Terms
    url: https://www.armosec.io/terms-of-service/
servers:
  - url: https://api.armosec.io/api/v1
    description: EU region
  - url: https://api.us.armosec.io/api/v1
    description: US region
security:
  - apiKeyAuth: []
tags:
  - name: Vulnerabilities
    description: Image and workload vulnerability scanning and results.
  - name: Posture
    description: KSPM posture and compliance framework results.
  - name: Clusters
    description: Connected clusters and workloads.
  - name: Runtime
    description: Runtime incidents (CADR), network and runtime policies.
  - name: Security Risks
    description: Correlated security risks and attack chains.
  - name: Registry
    description: Container registry scanning.
  - name: Integrations
    description: Jira and collaboration/notification integrations.
  - name: Access Keys
    description: Account API access key management.
paths:
  /vulnerability/scan:
    post:
      operationId: issueVulnerabilityScan
      tags:
        - Vulnerabilities
      summary: Issue a vulnerability scan
      description: Issues a vulnerability scan for a specific context or workload.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ScanRequest'
      responses:
        '200':
          description: Scan accepted.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /vulnerability/scanResults/summary:
    post:
      operationId: getVulnerabilityScanSummary
      tags:
        - Vulnerabilities
      summary: Get vulnerability scan summary
      description: Returns a summary of a vulnerability scan.
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: Scan summary.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /vulnerability/scanResults/details:
    post:
      operationId: getVulnerabilityScanDetails
      tags:
        - Vulnerabilities
      summary: Get vulnerability scan details
      description: Returns a detailed list of vulnerabilities from a scan.
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: Detailed vulnerability list.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /vulnerability/severity:
    post:
      operationId: getVulnerabilitySeverity
      tags:
        - Vulnerabilities
      summary: Get vulnerability severity roll-up
      description: Returns severity "big numbers" from the latest scan.
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: Severity roll-up.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /vulnerability/topVulnerabilities:
    post:
      operationId: getTopVulnerabilities
      tags:
        - Vulnerabilities
      summary: Get top vulnerabilities
      description: Returns the list of top vulnerabilities.
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: Top vulnerabilities.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /vulnerabilities/list:
    post:
      operationId: listVulnerabilities
      tags:
        - Vulnerabilities
      summary: List vulnerabilities
      description: Retrieves a filtered, paginated list of vulnerabilities (CVEs).
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: A list of vulnerabilities.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /vulnerabilities/components/list:
    post:
      operationId: listVulnerabilitiesByComponent
      tags:
        - Vulnerabilities
      summary: List vulnerabilities by component
      description: Retrieves vulnerabilities scoped to software components/packages.
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: A list of vulnerabilities by component.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /vulnerabilities/images/list:
    post:
      operationId: listVulnerabilitiesByImage
      tags:
        - Vulnerabilities
      summary: List vulnerabilities by image
      description: Retrieves vulnerabilities scoped to container images.
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: A list of vulnerabilities by image.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /vulnerability/exception:
    get:
      operationId: listVulnerabilityExceptions
      tags:
        - Vulnerabilities
      summary: List vulnerability exceptions
      responses:
        '200':
          description: Vulnerability exceptions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: createVulnerabilityException
      tags:
        - Vulnerabilities
      summary: Create a vulnerability exception
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Created.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
    put:
      operationId: updateVulnerabilityException
      tags:
        - Vulnerabilities
      summary: Update a vulnerability exception
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Updated.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
    delete:
      operationId: deleteVulnerabilityException
      tags:
        - Vulnerabilities
      summary: Delete a vulnerability exception
      responses:
        '200':
          description: Deleted.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /posture/frameworks:
    post:
      operationId: getPostureFrameworks
      tags:
        - Posture
      summary: Get posture scan summary per framework
      description: Returns the scan summary for each compliance framework.
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: Per-framework summaries.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /posture/controls:
    post:
      operationId: getPostureControls
      tags:
        - Posture
      summary: Get posture control results
      description: Returns the list of posture controls and their run results.
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: Control results.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /posture/controls/sections:
    post:
      operationId: getPostureControlSections
      tags:
        - Posture
      summary: Get framework sections
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: Framework sections.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /posture/resources:
    post:
      operationId: getPostureResources
      tags:
        - Posture
      summary: Get resources affected by posture issues
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: Affected resources.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /posture/exception:
    get:
      operationId: listPostureExceptions
      tags:
        - Posture
      summary: List posture exceptions
      responses:
        '200':
          description: Posture exceptions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: createPostureException
      tags:
        - Posture
      summary: Create a posture exception
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Created.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
    put:
      operationId: updatePostureException
      tags:
        - Posture
      summary: Update a posture exception
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Updated.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
    delete:
      operationId: deletePostureException
      tags:
        - Posture
      summary: Delete a posture exception
      responses:
        '200':
          description: Deleted.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /repositoryPosture/repositories:
    post:
      operationId: getRepositoryPostureRepositories
      tags:
        - Posture
      summary: Get repository (IaC) posture summary by repository
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: Repository posture summary.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /repositoryPosture/failedControls:
    post:
      operationId: getRepositoryPostureFailedControls
      tags:
        - Posture
      summary: Get failed controls summary for repository posture
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: Failed controls summary.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /clusters/overtime:
    post:
      operationId: getClustersOvertime
      tags:
        - Clusters
      summary: Get clusters list with history
      description: Returns the list of connected clusters with historical posture over time.
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: Clusters with history.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /workload/list:
    post:
      operationId: listWorkloads
      tags:
        - Clusters
      summary: List workloads
      description: Retrieves workloads with their vulnerability and posture context.
      requestBody:
        $ref: '#/components/requestBodies/ListQuery'
      responses:
        '200':
          description: A list of workloads.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /security/risks:
    get:
      operationId: listSecurityRisks
      tags:
        - Security Risks
      summary: List security risks
      description: Retrieves the list of correlated security risks.
      responses:
        '200':
          description: A list of security risks.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /security/risks/resources:
    get:
      operationId: listSecurityRiskResources
      tags:
        - Security Risks
      summary: List security-risk resources
      description: Retrieves resources associated with security risks.
      responses:
        '200':
          description: A list of resources.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /security/risks/severities:
    get:
      operationId: getSecurityRiskSeverities
      tags:
        - Security Risks
      summary: Get security-risk severity summary
      responses:
        '200':
          description: Severity summary.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /attack/chains:
    get:
      operationId: getAttackChains
      tags:
        - Security Risks
      summary: Get attack chains
      description: Retrieves attack chains matching the provided filters.
      responses:
        '200':
          description: Attack chains.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /runtime/incidents:
    get:
      operationId: listRuntimeIncidents
      tags:
        - Runtime
      summary: List runtime incidents
      description: Retrieves all runtime incidents detected by ARMO's runtime sensor.
      responses:
        '200':
          description: A list of runtime incidents.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /runtime/incidents/severity:
    get:
      operationId: getRuntimeIncidentsSeverity
      tags:
        - Runtime
      summary: Get runtime incidents grouped by severity
      responses:
        '200':
          description: Incidents grouped by severity.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /runtime/incidents/{incidentGUID}/alerts:
    parameters:
      - $ref: '#/components/parameters/IncidentGUID'
    get:
      operationId: getRuntimeIncidentAlerts
      tags:
        - Runtime
      summary: Get alerts for an incident
      responses:
        '200':
          description: Incident alerts.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /runtime/incidents/{incidentGUID}/explain:
    parameters:
      - $ref: '#/components/parameters/IncidentGUID'
    post:
      operationId: explainRuntimeIncident
      tags:
        - Runtime
      summary: Explain a runtime incident
      description: Returns a detailed explanation for the specified incident.
      responses:
        '200':
          description: Incident explanation.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /runtime/incidents/{incidentGUID}/resolve:
    parameters:
      - $ref: '#/components/parameters/IncidentGUID'
    post:
      operationId: resolveRuntimeIncident
      tags:
        - Runtime
      summary: Resolve a runtime incident
      responses:
        '200':
          description: Resolved.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /runtime/incidents/{incidentGUID}/unresolve:
    parameters:
      - $ref: '#/components/parameters/IncidentGUID'
    post:
      operationId: unresolveRuntimeIncident
      tags:
        - Runtime
      summary: Unresolve a runtime incident
      responses:
        '200':
          description: Unresolved.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /network/policies:
    get:
      operationId: listNetworkPolicies
      tags:
        - Runtime
      summary: List network policies
      description: Retrieves generated Kubernetes network policies.
      responses:
        '200':
          description: Network policies.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /network/policies/generate:
    post:
      operationId: generateNetworkPolicies
      tags:
        - Runtime
      summary: Generate network policies
      description: Generates Kubernetes network policies for the specified workloads from observed traffic.
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Generated network policies.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /runtime/seccomp/list:
    get:
      operationId: listSeccompProfiles
      tags:
        - Runtime
      summary: List seccomp resources
      responses:
        '200':
          description: Seccomp resources.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /runtime/seccomp/generate:
    post:
      operationId: generateSeccompProfiles
      tags:
        - Runtime
      summary: Generate seccomp profiles
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Generated seccomp profiles.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /runtime/policy/create:
    post:
      operationId: createRuntimePolicy
      tags:
        - Runtime
      summary: Create a runtime policy
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Created.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /runtime/policy/exception/create:
    post:
      operationId: createRuntimePolicyException
      tags:
        - Runtime
      summary: Create a runtime policy exception
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Created.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /registry/scan:
    post:
      operationId: issueRegistryScan
      tags:
        - Registry
      summary: Issue a registry scan or set scheduler
      description: Issues a container registry scan or sets a scan scheduler (cron).
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Scan accepted.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
    put:
      operationId: updateRegistryScan
      tags:
        - Registry
      summary: Update the registry scan cron job
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Updated.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
    delete:
      operationId: deleteRegistryScan
      tags:
        - Registry
      summary: Delete the registry scan cron job
      responses:
        '200':
          description: Deleted.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /integrations/jira/config:
    get:
      operationId: getJiraConfig
      tags:
        - Integrations
      summary: Get Jira configuration
      responses:
        '200':
          description: Jira configuration.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: saveJiraConfig
      tags:
        - Integrations
      summary: Save Jira configuration
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Saved.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /integrations/jira/issueV2:
    post:
      operationId: createJiraIssue
      tags:
        - Integrations
      summary: Create a Jira issue (ticket)
      description: Creates a Jira issue/ticket from an ARMO finding.
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Created.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /collaboration/config:
    post:
      operationId: createCollaborationConfig
      tags:
        - Integrations
      summary: Create a collaboration configuration
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Created.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /collaboration/share:
    post:
      operationId: shareCollaboration
      tags:
        - Integrations
      summary: Share data using a collaboration config
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Shared.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /authentication/accessKeys:
    get:
      operationId: listAccessKeys
      tags:
        - Access Keys
      summary: List access keys
      responses:
        '200':
          description: A list of access keys.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: createAccessKey
      tags:
        - Access Keys
      summary: Create an access key
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Created access key.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
    put:
      operationId: updateAccessKey
      tags:
        - Access Keys
      summary: Update an access key
      requestBody:
        $ref: '#/components/requestBodies/GenericBody'
      responses:
        '200':
          description: Updated.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /authentication/accessKeys/{guid}:
    parameters:
      - name: guid
        in: path
        required: true
        description: The GUID of the access key.
        schema:
          type: string
    get:
      operationId: getAccessKey
      tags:
        - Access Keys
      summary: Get an access key by GUID
      responses:
        '200':
          description: The access key.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    delete:
      operationId: deleteAccessKey
      tags:
        - Access Keys
      summary: Delete an access key
      responses:
        '200':
          description: Deleted.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
components:
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: X-API-KEY
      description: >-
        Account access key (Agent Access Key) generated in ARMO Platform under
        Settings, sent in the X-API-KEY header.
  parameters:
    IncidentGUID:
      name: incidentGUID
      in: path
      required: true
      description: The GUID of the runtime incident.
      schema:
        type: string
  requestBodies:
    ListQuery:
      required: false
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ListQuery'
    GenericBody:
      required: true
      content:
        application/json:
          schema:
            type: object
            additionalProperties: true
  responses:
    Unauthorized:
      description: Missing or invalid X-API-KEY.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: The requested resource was not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  schemas:
    Error:
      type: object
      properties:
        error:
          type: string
        message:
          type: string
    GenericResponse:
      type: object
      additionalProperties: true
    ListQuery:
      type: object
      description: >-
        ARMO's list endpoints accept a common query body with pagination,
        sorting, and field filters. Exact filter keys vary per resource.
      properties:
        pageSize:
          type: integer
          default: 50
        pageNum:
          type: integer
          default: 1
        orderBy:
          type: string
        innerFilters:
          type: array
          items:
            type: object
            additionalProperties: true
        since:
          type: string
          format: date-time
    ListResponse:
      type: object
      properties:
        total:
          type: object
          properties:
            value:
              type: integer
        response:
          type: array
          items:
            type: object
            additionalProperties: true
      additionalProperties: true