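---
# Naftiko capability definition for Saasment SaaS security posture management.
#
# One upstream HTTP API ("saasment") is consumed with a single bearer token and
# re-exposed through two adapters: a REST API on port 8080 and an MCP server on
# port 9090. The document is laid out one key per line with 2-space indentation.
#
# Security review summary:
#   - Every exposed operation is executed upstream with the same bearer token,
#     so any caller that can reach either port acts with that token's rights.
#   - No authentication is declared on the REST or MCP adapter in this file.
#   - Two operations change state (update-misconfiguration-status and
#     create-integration); the latter carries third-party SaaS credentials.
naftiko: 1.0.0-alpha2
info:
  label: Saasment SaaS Security Posture Management
  description: >-
    Unified workflow for SaaS security posture management, misconfiguration
    detection, compliance assessment, and cost optimization. Used by security
    teams to continuously monitor and improve their SaaS security posture.
  tags:
    - SaaS Security
    - SSPM
    - Cloud Security
    - Compliance
    - Cost Optimization
    - Misconfigurations
  created: '2026-05-02'
  modified: '2026-05-06'
# The API token is bound from the environment rather than stored in this file.
binds:
  - namespace: env
    keys:
      SAASMENT_API_TOKEN: SAASMENT_API_TOKEN
capability:
  consumes:
    - type: http
      namespace: saasment
      baseUri: https://api.saasment.com/v1
      description: Saasment SaaS security posture management and cost optimization API
      # A single bearer token backs every operation below, read-only and
      # state-changing alike. Scope it to the minimum the exposed operations
      # need, because it is the effective identity of every downstream caller.
      authentication:
        type: bearer
        token: '{{SAASMENT_API_TOKEN}}'
      resources:
        - name: security-posture
          path: /posture
          description: Security posture scoring and application monitoring
          operations:
            - name: get-posture-score
              method: GET
              description: Get overall SaaS security posture score and domain breakdown
              inputParameters:
                - name: app_ids
                  in: query
                  type: string
                  required: false
                  description: Comma-separated list of application IDs to filter
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: list-monitored-applications
              method: GET
              description: List all SaaS applications being monitored
              inputParameters:
                - name: page
                  in: query
                  type: integer
                  required: false
                  description: Page number
                - name: per_page
                  in: query
                  type: integer
                  required: false
                  description: Items per page
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: misconfigurations
          # NOTE(review): get-misconfiguration and update-misconfiguration-status
          # declare `id` as a path parameter, but this path has no {id}
          # placeholder. Confirm the requests target a single misconfiguration
          # and not the collection.
          path: /misconfigurations
          description: Security misconfiguration detection and remediation
          operations:
            - name: list-misconfigurations
              method: GET
              description: List detected security misconfigurations across monitored applications
              inputParameters:
                - name: severity
                  in: query
                  type: string
                  required: false
                  description: 'Filter by severity: critical, high, medium, low, info'
                - name: app_id
                  in: query
                  type: string
                  required: false
                  description: Filter by application ID
                - name: status
                  in: query
                  type: string
                  required: false
                  description: 'Filter by status: open, in_progress, resolved, accepted'
                - name: page
                  in: query
                  type: integer
                  required: false
                  description: Page number
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: get-misconfiguration
              method: GET
              description: Get details of a specific misconfiguration
              inputParameters:
                - name: id
                  in: path
                  type: string
                  required: true
                  description: Misconfiguration ID
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            # State-changing: moves a finding to another status, including
            # resolved and accepted. Only `id` is declared as an input, so
            # `status` and `notes` carry no declared type or allowed-value list
            # here; validation is presumably left to the upstream API - confirm.
            - name: update-misconfiguration-status
              method: PATCH
              description: Update misconfiguration status (resolve, accept, etc.)
              inputParameters:
                - name: id
                  in: path
                  type: string
                  required: true
                  description: Misconfiguration ID
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              # NOTE(review): the template reads from the `tools` namespace, which
              # is what the MCP adapter supplies. Confirm how these fields are
              # populated when the operation is called through the REST adapter.
              body:
                type: json
                data:
                  status: '{{tools.status}}'
                  notes: '{{tools.notes}}'
        - name: compliance
          path: /compliance
          description: Compliance framework assessment and reporting
          operations:
            - name: list-compliance-frameworks
              method: GET
              description: List available compliance frameworks (SOC 2, ISO 27001, GDPR, etc.)
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: list-compliance-assessments
              method: GET
              description: List compliance assessment results by framework and application
              inputParameters:
                - name: framework_id
                  in: query
                  type: string
                  required: false
                  description: Filter by framework ID
                - name: app_id
                  in: query
                  type: string
                  required: false
                  description: Filter by application ID
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: cost-optimization
          path: /cost
          description: SaaS and cloud cost optimization recommendations
          operations:
            - name: list-cost-recommendations
              method: GET
              description: List cost optimization recommendations including unused licenses
              inputParameters:
                - name: app_id
                  in: query
                  type: string
                  required: false
                  description: Filter by application ID
                - name: min_savings
                  in: query
                  type: number
                  required: false
                  description: Minimum estimated annual savings
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            - name: get-cost-summary
              method: GET
              description: Get summary of SaaS/cloud spend with optimization potential
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
        - name: integrations
          path: /integrations
          description: SaaS application integration management
          operations:
            - name: list-integrations
              method: GET
              description: List configured SaaS application integrations
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            # State-changing and secret-bearing: the request body carries the
            # credentials for the SaaS application being connected. No
            # inputParameters are declared, so neither field has a declared
            # type or required flag in this file.
            - name: create-integration
              method: POST
              description: Connect a new SaaS application for monitoring
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              # NOTE(review): `credentials` is a secret for a third-party system.
              # Confirm it is excluded from request logging and tracing along
              # the whole path from the exposed adapter to the upstream API.
              body:
                type: json
                data:
                  app_type: '{{tools.app_type}}'
                  credentials: '{{tools.credentials}}'
        - name: alerts
          path: /alerts
          description: Security alert management
          operations:
            - name: list-alerts
              method: GET
              description: List security alerts generated by posture monitoring
              inputParameters:
                - name: severity
                  in: query
                  type: string
                  required: false
                  description: Filter by severity
                - name: status
                  in: query
                  type: string
                  required: false
                  description: Filter by status
                - name: page
                  in: query
                  type: integer
                  required: false
                  description: Page number
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
  exposes:
    # REST adapter. No authentication is declared for it in this file, while
    # every call it makes upstream uses the bearer token above. Confirm that
    # access to port 8080 is restricted (network policy, gateway or equivalent)
    # before deploying; posture findings and integration data are sensitive.
    - type: rest
      port: 8080
      namespace: saas-security-posture-api
      description: Unified REST API for SaaS security posture management and cost optimization.
      resources:
        - path: /v1/posture/score
          name: posture-score
          description: Security posture scoring
          operations:
            - method: GET
              name: get-posture-score
              description: Get overall SaaS security posture score with domain breakdown
              call: saasment.get-posture-score
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/posture/applications
          name: monitored-applications
          description: Monitored SaaS applications
          operations:
            - method: GET
              name: list-monitored-applications
              description: List all monitored SaaS applications
              call: saasment.list-monitored-applications
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/misconfigurations
          name: misconfigurations
          description: Security misconfigurations
          operations:
            # Only severity and status are forwarded; the upstream app_id and
            # page parameters are not mapped for REST callers.
            - method: GET
              name: list-misconfigurations
              description: List security misconfigurations by severity and status
              call: saasment.list-misconfigurations
              with:
                severity: rest.severity
                status: rest.status
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/misconfigurations/{id}
          name: misconfiguration
          description: Individual misconfiguration management
          operations:
            - method: GET
              name: get-misconfiguration
              description: Get misconfiguration details and remediation steps
              call: saasment.get-misconfiguration
              with:
                id: rest.id
              outputParameters:
                - type: object
                  mapping: $.
            # NOTE(review): only `id` is mapped. The MCP tool of the same name
            # also maps status and notes; confirm what status a REST PATCH
            # actually sends upstream, since this changes a finding's state.
            - method: PATCH
              name: update-misconfiguration-status
              description: Update misconfiguration remediation status
              call: saasment.update-misconfiguration-status
              with:
                id: rest.id
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/compliance/frameworks
          name: compliance-frameworks
          description: Available compliance frameworks
          operations:
            - method: GET
              name: list-compliance-frameworks
              description: List available compliance frameworks
              call: saasment.list-compliance-frameworks
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/compliance/assessments
          name: compliance-assessments
          description: Compliance assessment results
          operations:
            - method: GET
              name: list-compliance-assessments
              description: List compliance assessment results
              call: saasment.list-compliance-assessments
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/cost/summary
          name: cost-summary
          description: Cost optimization summary
          operations:
            - method: GET
              name: get-cost-summary
              description: Get SaaS/cloud spend summary with optimization potential
              call: saasment.get-cost-summary
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/cost/recommendations
          name: cost-recommendations
          description: Cost optimization recommendations
          operations:
            - method: GET
              name: list-cost-recommendations
              description: List cost optimization recommendations
              call: saasment.list-cost-recommendations
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/integrations
          name: integrations
          description: SaaS application integrations
          operations:
            - method: GET
              name: list-integrations
              description: List configured SaaS integrations
              call: saasment.list-integrations
              outputParameters:
                - type: object
                  mapping: $.
            # NOTE(review): no `with` mapping is declared, unlike the MCP tool,
            # which maps app_type and credentials. Confirm how the upstream
            # body is populated for REST callers. This endpoint accepts SaaS
            # credentials, so it needs caller authentication and TLS in front.
            - method: POST
              name: create-integration
              description: Connect a new SaaS application
              call: saasment.create-integration
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/alerts
          name: security-alerts
          description: Security alerts
          operations:
            - method: GET
              name: list-alerts
              description: List security alerts
              call: saasment.list-alerts
              outputParameters:
                - type: object
                  mapping: $.
    # MCP adapter over HTTP. As with the REST adapter, no authentication is
    # declared here, and tool calls run upstream with the shared bearer token.
    # The `hints` below are advisory metadata for MCP clients; they do not
    # enforce anything, so access control has to come from elsewhere.
    - type: mcp
      port: 9090
      namespace: saas-security-posture-mcp
      transport: http
      description: MCP server for AI-assisted SaaS security posture management and cost optimization.
      tools:
        - name: get-posture-score
          description: Get overall SaaS security posture score with breakdown by security domain
          hints:
            readOnly: true
            openWorld: false
          call: saasment.get-posture-score
          outputParameters:
            - type: object
              mapping: $.
        - name: list-monitored-applications
          description: List all SaaS applications currently being monitored for security issues
          hints:
            readOnly: true
            openWorld: false
          call: saasment.list-monitored-applications
          outputParameters:
            - type: object
              mapping: $.
        - name: list-misconfigurations
          description: List detected security misconfigurations with severity levels and remediation guidance
          hints:
            readOnly: true
            openWorld: false
          call: saasment.list-misconfigurations
          with:
            severity: tools.severity
            app_id: tools.app_id
            status: tools.status
          outputParameters:
            - type: object
              mapping: $.
        - name: get-misconfiguration
          description: Get detailed information about a specific misconfiguration including remediation steps
          hints:
            readOnly: true
            openWorld: false
          call: saasment.get-misconfiguration
          with:
            id: tools.id
          outputParameters:
            - type: object
              mapping: $.
        # Write tool: lets an agent mark a finding resolved or risk-accepted,
        # which removes it from the open backlog. NOTE(review): consider
        # requiring human confirmation in the MCP client for this tool, and
        # confirm that status changes are attributable in upstream audit logs
        # given that all calls share one token.
        - name: update-misconfiguration-status
          description: Update the remediation status of a misconfiguration (resolve, accept risk, etc.)
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: saasment.update-misconfiguration-status
          with:
            id: tools.id
            status: tools.status
            notes: tools.notes
          outputParameters:
            - type: object
              mapping: $.
        - name: list-compliance-frameworks
          description: List available compliance frameworks for assessment (SOC 2, ISO 27001, GDPR, etc.)
          hints:
            readOnly: true
            openWorld: false
          call: saasment.list-compliance-frameworks
          outputParameters:
            - type: object
              mapping: $.
        - name: list-compliance-assessments
          description: List compliance assessment results showing pass/fail status per control
          hints:
            readOnly: true
            openWorld: false
          call: saasment.list-compliance-assessments
          with:
            framework_id: tools.framework_id
            app_id: tools.app_id
          outputParameters:
            - type: object
              mapping: $.
        - name: get-cost-summary
          description: Get summary of total SaaS spend and potential cost savings
          hints:
            readOnly: true
            openWorld: false
          call: saasment.get-cost-summary
          outputParameters:
            - type: object
              mapping: $.
        - name: list-cost-recommendations
          description: List cost optimization recommendations for unused licenses and redundant subscriptions
          hints:
            readOnly: true
            openWorld: false
          call: saasment.list-cost-recommendations
          with:
            app_id: tools.app_id
            min_savings: tools.min_savings
          outputParameters:
            - type: object
              mapping: $.
        - name: list-integrations
          description: List all configured SaaS application integrations and their connection status
          hints:
            readOnly: true
            openWorld: false
          call: saasment.list-integrations
          outputParameters:
            - type: object
              mapping: $.
        # Write tool that takes SaaS credentials as a tool argument, so the
        # secret passes through the MCP client and whatever produces the tool
        # call (model context, transcripts, client logs). NOTE(review): confirm
        # that this is acceptable for the deployment, or supply credentials
        # out of band and keep them out of tool arguments.
        - name: create-integration
          description: Connect a new SaaS application to Saasment for security monitoring
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: saasment.create-integration
          with:
            app_type: tools.app_type
            credentials: tools.credentials
          outputParameters:
            - type: object
              mapping: $.
        - name: list-alerts
          description: List security alerts generated by posture monitoring with severity and status
          hints:
            readOnly: true
            openWorld: false
          call: saasment.list-alerts
          with:
            severity: tools.severity
            status: tools.status
          outputParameters:
            - type: object
              mapping: $.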