Risk Library

The Risk Library is a collection of Risks that can be copied into a Risk Register. The help docs have more information.

List Risk Libraries

Find Library Risks by search terms and filters.

🔒 Requires Risk Management: List Risks permission.

💎 Requires your account to have the Risk Management Pro feature. Contact your CSM for help upgrading.

Security: bearer
Request
query Parameters
cursor
string

This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a pagination.cursor value that can be used in the subsequent request to retrieve the next page of results.

size
number [ 1 .. 500 ]
Default: 50

Number of results to return

sort
string (SortTypeLimitedEnum)

Which field to sort by

Enum: "createdAt" "updatedAt" "name"
sortDir
string (SortDirectionEnum)

The direction to sort the data

Enum: "ASC" "DESC"
includeTotalCount
boolean
Default: false

Include total count of all matching records in response. Only honored on first page (when cursor is null).

Example: includeTotalCount=false
riskId
string

Filter by Risk ID. Searches for risks whose ID starts with the provided value (e.g., "AA" matches "AA-01", "AA-02").

Example: riskId=AA-01
title
string

Filter by Title. Searches for risks whose title contains the provided text anywhere in the field (case-insensitive).

Example: title=Activity Log Evaluation
description
string

Filter by Description. Searches for risks whose description contains the provided text anywhere in the field (case-insensitive).

Example: description=Unauthorized System Access
expand[]
Array of strings (RiskLibraryExpandEnum)

List of subcollections and sub-objects to expand

Items Enum: "controls" "categories"
Responses
200
400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

GET /risk-library
Response samples
application/json
{
  "data": [
    {
      "id": 1,
      "riskId": "AC-04",
      "title": "Password Management - Password Cracking",
      "description": "An attacker attempts to gain access to organizational information by guessing passwords.",
      "controls": [
        {
          "id": 10,
          "code": "AC-2",
          "name": "Account Management",
          "createdAt": "2025-07-01T16:45:55.246Z",
          "updatedAt": "2025-07-01T16:45:55.246Z"
        }
      ],
      "categories": [
        {
          "id": 1,
          "name": "Access Control",
          "createdAt": "2025-07-01T16:45:55.246Z",
          "updatedAt": "2025-07-01T16:45:55.246Z"
        }
      ]
    }
  ],
  "pagination": {
    "cursor": "string"
  }
}
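
Added example (not part of the original reference and not Drata's own client code): a cursor-following iterator for the list endpoint that enforces the documented size range and expand[] values and sends includeTotalCount only on the first page. The transport callable fetch_page, the stand-in fake_fetch and the SAMPLE records are hypothetical and constructed here; the code assumes the last page omits pagination.cursor or returns it as null.

```python
from typing import Callable, Dict, Iterator, Sequence

EXPAND_VALUES = {"controls", "categories"}  # RiskLibraryExpandEnum as listed on the page

def iter_library_risks(fetch_page: Callable[[Dict], Dict], *, size: int = 50,
                       expand: Sequence[str] = (), **filters) -> Iterator[Dict]:
    """Yield every Library Risk matching `filters`, following pagination.cursor."""
    if not 1 <= size <= 500:
        raise ValueError("size must be within the documented range 1..500")
    unknown = set(expand) - EXPAND_VALUES
    if unknown:
        raise ValueError(f"unsupported expand[] values: {sorted(unknown)}")
    base = {"size": size, **filters}
    if expand:
        base["expand[]"] = list(expand)
    cursor, seen = None, set()
    while True:
        query = dict(base)
        if cursor is not None:
            query["cursor"] = cursor
            query.pop("includeTotalCount", None)  # only honored on the first page
        body = fetch_page(query)
        yield from body.get("data", [])
        # Assumption: the final page omits pagination.cursor or sets it to null.
        cursor = (body.get("pagination") or {}).get("cursor")
        if not cursor:
            return
        if cursor in seen:  # stop instead of looping forever on a repeated cursor
            raise RuntimeError("pagination cursor repeated")
        seen.add(cursor)

# Constructed sample data and a stand-in transport; the real cursor is opaque,
# the offset used here only makes the stand-in self-contained.
SAMPLE = [{"id": i, "riskId": rid} for i, rid in
          enumerate(["AA-01", "AA-02", "AA-03", "AC-04", "AC-05"], start=1)]
QUERIES = []  # every query the stand-in receives, kept for inspection

def fake_fetch(query: Dict) -> Dict:
    QUERIES.append(dict(query))
    rows = [r for r in SAMPLE if r["riskId"].startswith(query.get("riskId", ""))]
    start = int(query.get("cursor", 0))
    end = start + query["size"]
    page = {"data": rows[start:end], "pagination": {}}
    if end < len(rows):
        page["pagination"]["cursor"] = str(end)
    return page

if __name__ == "__main__":
    for risk in iter_library_risks(fake_fetch, size=2, riskId="AA", includeTotalCount=True):
        print(risk["riskId"])
```

In real use, fetch_page would issue the GET request with the bearer token and return the decoded JSON body.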

Get Risk Library Item by ID.

Get Risk Library

🔒 Requires Risk Management: Get Risk permission.

💎 Requires your account to have the Risk Management Pro feature. Contact your CSM for help upgrading.

Security: bearer
Request
path Parameters
riskLibraryId
required
number or string

An integer Risk Library ID or string Risk Library ID prefixed with riskId:

query Parameters
expand[]
Array of strings (RiskLibraryExpandEnum)

List of subcollections and sub-objects to expand

Items Enum: "controls" "categories"
Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

GET /risk-library/{riskLibraryId}
Response samples
application/json
{
  "id": 1,
  "riskId": "AC-04",
  "title": "Password Management - Password Cracking",
  "description": "An attacker attempts to gain access to organizational information by guessing passwords.",
  "controls": [
    {
      "id": 10,
      "code": "AC-2",
      "name": "Account Management",
      "createdAt": "2025-07-01T16:45:55.246Z",
      "updatedAt": "2025-07-01T16:45:55.246Z"
    }
  ],
  "categories": [
    {
      "id": 1,
      "name": "Access Control",
      "createdAt": "2025-07-01T16:45:55.246Z",
      "updatedAt": "2025-07-01T16:45:55.246Z"
    }
  ]
}

Copies Risk Library Items to a Risk Register.

Copy Risk Library Items to Register

🔒 Requires Risk Management: Create Risk permission.

💎 Requires your account to have the Risk Management Pro feature. Contact your CSM for help upgrading.

Security: bearer
Request
Request Body schema: application/json
required
bulkActionType
required
string

The copy action to perform from the Risk Library to the Risk Register.

Enum: "COPY_BY_IDS" "COPY_BY_GROUPS"
riskIds
required
Array of strings non-empty

An array of the Risk IDs that you want to copy from Risk Library to the Risk Register.

riskGroups
required
Array of strings non-empty

An array of the Risk Groups that you want to copy from Risk Library to the Risk Register.

Items Enum: "WIZARD_CORE" "AI_DEVELOPMENT" "AI_USE" "PHYSICAL_SITE" "CLOUD_ENVIRONMENT" "UNSECURE_DEVICES" "DEVICE_DELIVERY" "SOFTWARE_DEVELOPMENT" "REGULATORY_REQUIREMENTS"
registerId
required
number

The Register ID to copy the Risks to.

Responses
201
400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

POST /risk-library/action-copy
Request samples
application/json
{
  "bulkActionType": "COPY_BY_IDS",
  "riskIds": [
    "AA-01",
    "AA-02",
    "AA-03"
  ],
  "riskGroups": [
    "CLOUD_ENVIRONMENT"
  ],
  "registerId": 1
}
Response samples
application/json
{
  "data": [
    {
      "id": 100,
      "riskId": "AC-04",
      "title": "Password Management - Password Cracking",
      "description": "An attacker attempts to gain access to organizational information by guessing passwords.",
      "registerId": 5
    }
  ]
}