Wire up the clouds and security tools VinTekh reads from. A cloud parent (Azure / AWS / GCP) authenticates once at whatever scope you grant; its capabilities (Defender, Sentinel, Log Analytics, CloudWatch Logs) can reuse that same auth boundary instead of re-onboarding. Status reflects real discovery — never optimistic.
Subscriptions, resources, posture — a single Service Principal feeds the whole estate.
Organizations + EC2/RDS/S3 + Security Hub — one IAM role at org or account scope.
Projects, resources, findings — Workload-Identity-federated service account at org/folder/project scope.
CNAPP findings via OAuth device-code
Problems + Smartscape topology
Monitors, metrics, traces
Pods, services, ingresses, network policies
Upload state to enrich topology with deps