lacework · michaelhsiehlw · Feb 11, 2026 · Feb 9, 2026 · Feb 9, 2026 · Feb 10, 2026
@@ -77,6 +77,7 @@ const (
 	apiV2ConfigsGcpProjects        = "v2/Configs/GcpProjects?orgId=%s"
 
 	apiV2FeatureFlags = "v2/FeatureFlags"
+	apiV2Frameworks   = "v2/Frameworks"
 
 	apiV2Policies        = "v2/Policies"
 	apiV2Queries         = "v2/Queries"

@@ -0,0 +1,61 @@
+//
+// Author:: Darren Murray (<darren.murray@lacework.net>)
+// Copyright:: Copyright 2022, Lacework Inc.
+// License:: Apache License, Version 2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package api
+
+import (
+	"time"
+)
+
+// FrameworksService is a service that interacts with the Frameworks
+// endpoints from the Lacework APIv2 Server
+type FrameworksService struct {
+	client *Client
+}
+
+// List returns a FrameworksResponse
+func (svc *FrameworksService) List() (response FrameworksResponse, err error) {
+	err = svc.client.RequestDecoder("GET", apiV2Frameworks, nil, &response)
+	return
+}
+
+type FrameworksResponse struct {
+	Data []Framework `json:"data"`
+}
+
+type FrameworkResponse struct {
+	Data Framework `json:"data"`
+}
+
+type Framework struct {
+	Name           string     `json:"name" yaml:"name"`
+	Domains        []string   `json:"domains" yaml:"domains"`
+	Sections       []Section  `json:"sections" yaml:"sections"`
+	Owner          string     `json:"owner" yaml:"owner"`
+	Revision       int        `json:"revision" yaml:"revision"`
+	LastUpdateTime *time.Time `json:"lastUpdateTime" yaml:"lastUpdateTime"`
+	LastUpdateUser string     `json:"lastUpdateUser" yaml:"lastUpdateUser"`
+	CreatedTime    *time.Time `json:"createdTime" yaml:"createdTime"`
+	CreatedBy      string     `json:"createdBy" yaml:"createdBy"`
+	Guid           string     `json:"guid" yaml:"guid"`
+}
+
+type Section struct {
+	Name     string   `json:"name" yaml:"name"`
+	Policies []Policy `json:"policies" yaml:"policies"`
+}
@@ -43,6 +43,7 @@ type V2Endpoints struct {
 	ContainerRegistries       *ContainerRegistriesService
 	Configs                   *v2ConfigService
 	FeatureFlags              *FeatureFlagsService
+	Frameworks                *FrameworksService
 	ResourceGroups            *ResourceGroupsService
 	AgentAccessTokens         *AgentAccessTokensService
 	AgentInfo                 *AgentInfoService
@@ -81,6 +82,7 @@ func NewV2Endpoints(c *Client) *V2Endpoints {
 		&ContainerRegistriesService{c},
 		NewV2ConfigService(c),
 		&FeatureFlagsService{c},
+		&FrameworksService{c},
 		&ResourceGroupsService{c},
 		&AgentAccessTokensService{c},
 		&AgentInfoService{c},

@@ -547,26 +547,23 @@ func prettyPrintReportTypes(reportTypes []string) string {
 	return sb.String()
 }
 
-func validReportName(cloud string, name string) error {
+func validateReportName(name string) error {
 	var validReportNames []string
-	definitions, err := cli.LwApi.V2.ReportDefinitions.List()
+	frameworks, err := cli.LwApi.V2.Frameworks.List()
 	if err != nil {
-		return errors.Wrap(err, "unable to list report definitions")
+		return errors.Wrap(err, "unable to list report frameworks")
 	}
 
-	for _, d := range definitions.Data {
-		if d.SubReportType == cloud {
-			validReportNames = append(validReportNames, d.ReportName)
-		}
+	for _, d := range frameworks.Data {
+		validReportNames = append(validReportNames, d.Name)
 	}
 
 	if array.ContainsStr(validReportNames, name) {
 		return nil
 	}
 
 	return errors.Errorf(
-		"'%s' is not a valid report name.\n"+
-			"Run 'lacework report-definition list --subtype %s' for a list of valid report names",
-		name, cloud,
+		"'%s' is not a valid report name",
+		name,
 	)
 }
@@ -79,7 +79,7 @@ var (
 
 			// validate report_name
 			if cmd.Flags().Changed("report_name") {
-				return validReportName(api.ReportDefinitionSubTypeAws.String(), compAwsCmdState.ReportName)
+				return validateReportName(compAwsCmdState.ReportName)
 			}
 
 			if cmd.Flags().Changed("type") && !array.ContainsStr(api.AwsReportTypes(), compAwsCmdState.Type) {

@@ -136,7 +136,7 @@ Use the following command to list all Azure Tenants configured in your account:
 
 			// validate report_name
 			if cmd.Flags().Changed("report_name") {
-				return validReportName(api.ReportDefinitionSubTypeAzure.String(), compAzCmdState.ReportName)
+				return validateReportName(compAzCmdState.ReportName)
 			}
 
 			if cmd.Flags().Changed("type") && !array.ContainsStr(api.AzureReportTypes(), compAzCmdState.Type) {

@@ -135,7 +135,7 @@ Then, select one GUID from an integration and visualize its details using the co
 
 			// validate report_name
 			if cmd.Flags().Changed("report_name") {
-				return validReportName(api.ReportDefinitionSubTypeGcp.String(), compGcpCmdState.ReportName)
+				return validateReportName(compGcpCmdState.ReportName)
 			}
 
 			if cmd.Flags().Changed("type") && !array.ContainsStr(api.GcpReportTypes(), compGcpCmdState.Type) {

@@ -168,7 +168,7 @@ func TestComplianceAwsGetReportTypeAWS_SOC_2(t *testing.T) {
 
 func TestComplianceAwsGetReportByName(t *testing.T) {
 	account := os.Getenv("LW_INT_TEST_AWS_ACC")
-	out, err, exitcode := LaceworkCLIWithTOMLConfig("compliance", "aws", "get-report", account, "--report_name", "AWS CSA CCM 4.0.5")
+	out, err, exitcode := LaceworkCLIWithTOMLConfig("compliance", "aws", "get-report", account, "--report_name", "AWS Cloud Security Alliance Cloud Control Matrix (CSA CCM) v4.0.5")
 	assert.Empty(t, err.String(), "STDERR should be empty")
 	assert.Equal(t, 0, exitcode, "EXITCODE is not the expected one")
 	assert.Contains(t, out.String(), "AWS Cloud Security Alliance",