Risk Notes

Risk Notes allow you to provide additional information about Risks.

List Risk Notes

Find Risk Notes matching the provided filters.

🔒 Requires Risk Management: Get Risk Note permission.

Security: bearer
Request
path Parameters
riskRegisterId
required
number

In the near future, risks will be scoped under risk registers; for now, always use a value of 1.

Example: 1
riskId
required
number or string

An integer Risk ID or string Risk ID prefixed with riskId:

query Parameters
cursor
string

This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a pagination.cursor value that can be used in the subsequent request to retrieve the next page of results.

size
number [ 1 .. 50 ]
Default: 20

Number of results to return

sort
string (SortTypeLimitedEnum)

Which field to sort by

Enum: "createdAt" "updatedAt"
sortDir
string (SortDirectionEnum)

The direction to sort the data

Enum: "ASC" "DESC"
expand[]
Array of strings (RiskNotesExpandEnum)

List of subcollections and sub-objects to expand

Items Value: "owner"
Responses
200
400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

GET /risk-registers/{riskRegisterId}/risks/{riskId}/notes
Response samples
application/json
{
  "data": [
    {
      "id": 123,
      "comment": "string",
      "createdAt": "2025-07-01T16:45:55.246Z",
      "updatedAt": "2025-07-01T16:45:55.246Z",
      "owner": {
        "id": 1,
        "email": "[email protected]",
        "firstName": "Sally",
        "lastName": "Smith",
        "createdAt": "2025-07-01T16:45:55.246Z",
        "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    }
  ],
  "pagination": {
    "cursor": "string"
  }
}
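
Added example (not part of the Drata documentation): a client-side loop for List Risk Notes that validates the documented query parameters and follows pagination.cursor until no cursor is returned. BASE_URL is a placeholder because this page gives no host, and notes_url, iter_risk_notes, fetch_json and the sample pages in demo are hypothetical names and constructed data.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

BASE_URL = "https://api.example.invalid"  # placeholder: the page gives no host

def notes_url(risk_id, cursor=None, size=20, sort=None, sort_dir=None,
              expand_owner=False, risk_register_id=1):
    """Build the List Risk Notes URL, enforcing the documented limits."""
    if not 1 <= size <= 50:
        raise ValueError("size must be in 1..50")
    if sort not in (None, "createdAt", "updatedAt"):
        raise ValueError("sort must be createdAt or updatedAt")
    if sort_dir not in (None, "ASC", "DESC"):
        raise ValueError("sortDir must be ASC or DESC")
    params = [("size", size)]
    if cursor:
        params.append(("cursor", cursor))  # omitted on the first request
    if sort:
        params.append(("sort", sort))
    if sort_dir:
        params.append(("sortDir", sort_dir))
    if expand_owner:
        params.append(("expand[]", "owner"))
    # Percent-encode the risk ID so a string ID cannot alter the path.
    path = (f"/risk-registers/{int(risk_register_id)}"
            f"/risks/{quote(str(risk_id), safe='')}/notes")
    return f"{BASE_URL}{path}?{urlencode(params)}"

def iter_risk_notes(fetch_json, risk_id, max_pages=1000, **opts):
    """Yield each note, following pagination.cursor until none is returned."""
    # fetch_json(url): caller-supplied GET that sends the bearer token, returns JSON.
    cursor, seen = None, set()
    for _ in range(max_pages):
        page = fetch_json(notes_url(risk_id, cursor=cursor, **opts))
        yield from page.get("data", [])
        cursor = (page.get("pagination") or {}).get("cursor")
        if not cursor:
            return
        if cursor in seen:  # guard against a cursor that loops forever
            raise RuntimeError("pagination cursor repeated")
        seen.add(cursor)
    raise RuntimeError("max_pages exceeded")

def demo():
    # Constructed two-page response set, keyed by the cursor that requests it.
    pages = {None: {"data": [{"id": 1}, {"id": 2}], "pagination": {"cursor": "c2"}},
             "c2": {"data": [{"id": 3}], "pagination": {}}}
    def fake_fetch(url):
        return pages[parse_qs(urlsplit(url).query).get("cursor", [None])[0]]
    return [n["id"] for n in iter_risk_notes(fake_fetch, "riskId:abc", size=2)]
```

Keep the bearer token inside the fetch_json implementation rather than in the URL, so it does not end up in request logs.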

Get Risk Note

Get a Note associated with a given Risk.

🔒 Requires Risk Management: Get Risk Note permission.

Security: bearer
Request
path Parameters
riskRegisterId
required
number

In the near future, risks will be scoped under risk registers; for now, always use a value of 1.

Example: 1
noteId
required
number
riskId
required
number or string

An integer Risk ID or string Risk ID prefixed with riskId:

query Parameters
expand[]
Array of strings (RiskNotesExpandEnum)

List of subcollections and sub-objects to expand

Items Value: "owner"
Responses
200
400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

GET /risk-registers/{riskRegisterId}/risks/{riskId}/notes/{noteId}
Response samples
application/json
{
  "id": 123,
  "comment": "string",
  "createdAt": "2025-07-01T16:45:55.246Z",
  "updatedAt": "2025-07-01T16:45:55.246Z",
  "owner": {
    "id": 1,
    "email": "[email protected]",
    "firstName": "Sally",
    "lastName": "Smith",
    "createdAt": "2025-07-01T16:45:55.246Z",
    "updatedAt": "2025-07-01T16:45:55.246Z"
  }
}