Skip to content

The 30 Workato security checks Black Cat runs

Black Cat SSPM evaluates 30 security policies against your Workato configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.

access control

highExcessive Admins

Reduce workspace Environment Admin collaborators to five or fewer

mediumInactive Member

Remove or deactivate collaborators who have been inactive for an extended period

mediumOverprivileged Member

Assign a more restrictive role to collaborators with excessive privileges

infoNo Custom Roles

Create custom environment or project roles to enforce least-privilege access control

lowEmpty Collaborator Group

Remove or populate collaborator groups that have no members

mediumLarge Collaborator Group

Split or trim over-populated collaborator groups to limit blast radius

infoNo Custom Project Roles

Define custom project-level roles to enforce least-privilege access for project collaborators

highInactive Admin Member

Remove or downgrade admin members who have been inactive for 60 or more days

mediumAPI Platform Client Excessive Keys

Revoke unused API keys to reduce the number of active credentials

mediumWorkspace Single Admin

Assign at least one additional Environment Admin to avoid a single point of failure

api security

highAPI Client No IP Restriction

Configure IP allowlisting on the API Platform client to restrict access by source IP

mediumExcessive API Clients

Review and remove developer API clients that are no longer in use

lowAPI Endpoint Inactive

Activate or remove the inactive API endpoint in Workato API Platform

highAPI Platform Client Static Auth Token

Replace static auth token authentication with JWT or OAuth2 for API platform clients

mediumAPI Platform Client No Active Keys

Remove or provision keys for the orphaned API platform client

highDeveloper API Client with Admin Role

Replace the admin role on the developer API client with a least-privilege role

automation

highRecipe High Error Rate

Investigate and fix the recipe that is producing a high rate of job errors

mediumStopped Recipe With Errors

Diagnose and resolve errors that caused the recipe to stop, then restart it

compliance

mediumConnection to Sensitive Provider

Review authorization scope and data access for connections to sensitive SaaS providers

lowCollaborator Group No Description

Add a description to collaborator groups to document their purpose for access reviews

configuration

mediumWorkspace Recipe Limit

Remove unused recipes or upgrade the Workato plan to stay within recipe quota

highBroken Connection

Re-authorize or remove the broken SaaS connection in Workato

lowStale Connection

Review and remove SaaS connections that have not been used recently

highWorkspace Trial Expired

Upgrade the Workato workspace to a paid plan to restore full security controls and SLA

lowRecipe Never Executed

Review and clean up recipes that have never been executed

mediumRecipe Long Stopped

Review and archive recipes that have been stopped for an extended period

mediumConnection Never Authorized

Investigate connections that show as authorized but have no authorization timestamp

mediumRecipe Excessive Application Integrations

Split recipes with many application integrations to reduce blast radius

data protection

mediumRecipe Integrates with Sensitive Application

Review data handling and access controls for recipes connected to sensitive business applications

key management

lowAPI Platform Client No Key Rotation

Implement key rotation by revoking old keys after issuing new ones

See these checks run on your stack

Start a free 14-day trial — no credit card required.

Start Free Trial