Should I Deploy
should_i_deploy
Evaluate a deployment candidate against security graph exposure risk to get an allow, warn, or block decision for pre-deployment gating.
Instructions
Return an allow / warn / block deploy decision from graph exposure risk.
Resolves a deployment candidate against the latest security-graph
snapshot, ranks its reachable ExposurePaths by risk score, and maps the
top score to a gate decision using the warn/block thresholds.
Args:
    candidate: Package, resource, CVE, graph node ID, or deployment
        label to evaluate.
    tenant_id: Tenant whose graph snapshot to read (default ``default``).
    scan_id: Specific graph scan ID; omit to use the latest snapshot.
    limit: Maximum matched exposure paths to return (1-25).
    warn_risk: Risk score at or above which the decision becomes warn.
    block_risk: Risk score at or above which the decision becomes block.
Returns:
    JSON with the ``decision`` (allow/warn/block), the driving risk
    score, and the ranked exposure paths behind it.
Call this as a pre-deployment gate to get a single machine-readable
verdict instead of interpreting raw findings.
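The threshold mapping described above, as an added example that is not the tool's own code: it ranks constructed exposure paths, applies the "at or above" comparison, and turns the verdict into a CI exit status. The function names, the `id` and `risk_score` field names, the threshold values, and the treatment of an empty match as allow are all assumptions; the page does not state them.

```python
import json

# Hypothetical thresholds; the page does not state the tool's defaults.
WARN_RISK = 40.0
BLOCK_RISK = 70.0


def gate_decision(paths, warn_risk=WARN_RISK, block_risk=BLOCK_RISK, limit=10):
    """Rank exposure paths by risk and map the top score to allow/warn/block."""
    if not 1 <= limit <= 25:
        raise ValueError("limit must be between 1 and 25")
    if warn_risk > block_risk:
        # A warn threshold above the block threshold makes warn unreachable.
        raise ValueError("warn_risk must not exceed block_risk")
    ranked = sorted(paths, key=lambda p: p["risk_score"], reverse=True)
    # Assumption: no matched paths means nothing drives the score above 0.
    top = ranked[0]["risk_score"] if ranked else 0.0
    if top >= block_risk:
        decision = "block"
    elif top >= warn_risk:
        decision = "warn"
    else:
        decision = "allow"
    return {"decision": decision, "risk_score": top,
            "exposure_paths": ranked[:limit]}


def exit_code(result, fail_on_warn=False):
    """Translate a verdict into a CI exit status; unknown verdicts fail closed."""
    decision = result.get("decision")
    if decision == "allow":
        return 0
    if decision == "warn":
        return 1 if fail_on_warn else 0
    return 1  # "block", a missing field, or anything unexpected


# Constructed sample paths; not output from the real tool.
SAMPLE_PATHS = [
    {"id": "path-a", "risk_score": 35.0},
    {"id": "path-b", "risk_score": 82.5},
    {"id": "path-c", "risk_score": 55.0},
]

if __name__ == "__main__":
    verdict = gate_decision(SAMPLE_PATHS, limit=2)
    print(json.dumps(verdict, indent=2))
    print("CI exit status:", exit_code(verdict))
```

Treating a missing or unrecognized `decision` as a failure keeps a malformed or truncated response from silently passing the gate.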
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| limit | No | Maximum matched exposure paths to return. | |
| scan_id | No | Optional graph scan ID. Omit to use the latest snapshot. | |
| candidate | Yes | Candidate package, resource, CVE, node ID, or deployment label to evaluate. | |
| tenant_id | No | Tenant ID for the graph snapshot. Defaults to 'default'. | default |
| warn_risk | No | Risk score at or above which the decision becomes warn. | |
| block_risk | No | Risk score at or above which the decision becomes block. | |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes | | |