Overview

The Comments API enables team collaboration through threaded discussions on vulnerabilities. All comment operations enforce team-based access control to ensure data isolation.

Server Actions

addComment

Add a comment to a vulnerability.
Parameters:
  • vulnerabilityId (string, required): The ID of the vulnerability to comment on
  • content (string, required): The comment text content
Returns:
  • success (boolean): Whether the operation succeeded
  • data (object): The created comment object
Example:
import { addComment } from '@/app/actions/comments'

const result = await addComment(
  'vuln_123',
  'This vulnerability affects our production API endpoints'
)

if (result.success) {
  console.log('Comment added:', result.data)
}
Authorization:
  • User must belong to the same team as the vulnerability
  • Logs audit trail entry
  • Revalidates vulnerability page cache

getComments

Retrieve all comments for a vulnerability.
Parameters:
  • vulnerabilityId (string, required): The ID of the vulnerability
Returns:
  • success (boolean): Whether the operation succeeded
  • data (array): Array of comment objects, ordered by creation date (newest first)
Example:
import { getComments } from '@/app/actions/comments'

const result = await getComments('vuln_123')

if (result.success) {
  result.data.forEach(comment => {
    console.log(`${comment.user.name}: ${comment.content}`)
  })
}
Authorization:
  • User must belong to the same team as the vulnerability
  • Returns empty array if unauthorized

Security

Team Isolation

All comment operations verify that:
  1. User is authenticated
  2. User belongs to a team
  3. Vulnerability belongs to the same team
  4. Cross-team access is prevented

Audit Logging

Comment creation is logged to the audit trail with:
  • Action type: ADD_COMMENT
  • Entity type: Vulnerability
  • Entity ID: vulnerability ID
  • Details: User email who added the comment
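The following is an added example, not the project's own server action code: an in-memory model of addComment and getComments that applies the four Team Isolation checks in order and writes the audit entry described above. The storage maps, the explicit sessionUserId parameter (the real actions read the session from the server context), the sample users and vulnerability, and the Result and AuditEntry shapes are all assumptions made for the example; a real implementation would query the database and call the Next.js revalidation helper where the comment marks it.

```typescript
// Added example, not the project's code. Session handling, storage and the
// Result/AuditEntry shapes are assumptions; sample records are constructed.

type User = { id: string; email: string; name: string; teamId: string | null }
type Vulnerability = { id: string; teamId: string }
type Comment = {
  id: string
  vulnerabilityId: string
  content: string
  createdAt: number
  user: { name: string }
}
type AuditEntry = {
  action: 'ADD_COMMENT'
  entityType: 'Vulnerability'
  entityId: string
  details: string // email of the user who added the comment
}
type Result<T> = { success: true; data: T } | { success: false; error: string }

// Constructed sample data standing in for the database.
const users: Record<string, User> = {
  u1: { id: 'u1', email: 'alice@example.com', name: 'Alice', teamId: 'team_a' },
  u2: { id: 'u2', email: 'mallory@example.com', name: 'Mallory', teamId: 'team_b' },
  u3: { id: 'u3', email: 'nobody@example.com', name: 'NoTeam', teamId: null },
}
const vulnerabilities: Record<string, Vulnerability> = {
  vuln_123: { id: 'vuln_123', teamId: 'team_a' },
}
const comments: Comment[] = []
export const auditLog: AuditEntry[] = []
let clock = 0 // monotonic counter standing in for timestamps

// The four Team Isolation checks, applied in order:
// 1. authenticated, 2. has a team, 3. vulnerability is in that team,
// 4. anything else (including unknown IDs) is treated as cross-team access.
function authorize(
  sessionUserId: string | null,
  vulnerabilityId: string
): { user: User; vuln: Vulnerability } | string {
  if (!sessionUserId) return 'unauthenticated'
  const user = users[sessionUserId]
  if (!user) return 'unauthenticated'
  if (!user.teamId) return 'user has no team'
  const vuln = vulnerabilities[vulnerabilityId]
  // Unknown IDs get the same answer as foreign-team IDs so the response
  // does not reveal which vulnerability IDs exist.
  if (!vuln || vuln.teamId !== user.teamId) return 'forbidden'
  return { user, vuln }
}

export function addComment(
  sessionUserId: string | null,
  vulnerabilityId: string,
  content: string
): Result<Comment> {
  const auth = authorize(sessionUserId, vulnerabilityId)
  if (typeof auth === 'string') return { success: false, error: auth }
  const trimmed = content.trim()
  if (!trimmed) return { success: false, error: 'empty content' }
  clock += 1
  const comment: Comment = {
    id: `c${clock}`,
    vulnerabilityId,
    content: trimmed,
    createdAt: clock,
    user: { name: auth.user.name },
  }
  comments.push(comment)
  // Audit entry with the fields listed under Audit Logging.
  auditLog.push({
    action: 'ADD_COMMENT',
    entityType: 'Vulnerability',
    entityId: vulnerabilityId,
    details: auth.user.email,
  })
  // A real action would revalidate the vulnerability page cache here.
  return { success: true, data: comment }
}

// Unauthorized callers get an empty array rather than an error, as documented,
// so a cross-team reader cannot tell whether the vulnerability has comments.
export function getComments(
  sessionUserId: string | null,
  vulnerabilityId: string
): Result<Comment[]> {
  const auth = authorize(sessionUserId, vulnerabilityId)
  if (typeof auth === 'string') return { success: true, data: [] }
  const data = comments
    .filter(c => c.vulnerabilityId === vulnerabilityId)
    .sort((a, b) => b.createdAt - a.createdAt) // newest first
  return { success: true, data }
}
```

The point to take from the example is that the authorization decision is made once, in a single helper, before either action touches comment data, and that the read path fails closed to an empty list while the write path fails with an explicit error and never writes an audit entry for a rejected attempt.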

Use Cases

  • Team members can discuss impact, affected systems, and remediation strategies directly on vulnerability entries.
  • Document remediation progress, testing results, and verification steps as comments for the audit trail.
  • Analysts can request additional information or clarification from vulnerability reporters through comments.
  • Provide status updates or priority changes through comments visible to all team members.
