Skip to main content

The Vulnerabilities Page

S
Written by Shannon DeLange
Updated this week

Vanta's Vulnerability page is beneficial in providing a high-level overview of the detected, remediated, or ignored vulnerabilities on your servers and containers.

Vanta can pull data from the following vulnerability scanners for servers and containers:

  • 13 Penetration Testing & Scanning

  • Aikido Security

  • AWS ECR (Elastic Container Registry)

  • AWS Inspector

  • Azure Containers

  • Azure Defender for Containers and Virtual Machines

  • Cacilian Pentest and Scanner

  • Coana

  • Crowdstrike

  • Darkspot by Contxt

  • DeepSource

  • EdgeBit Security

  • GCP GCR (Google Artifact Registry)

  • Github Dependabot

  • GitLab

  • Heyhack

  • Lacework

  • Lumenova AI

  • Microsoft Defender for Endpoint

  • Orca Security

  • Prancer

  • Qualys

  • SentinelOne

  • Snyk

  • Socket Security

  • SOOS Security Analysis

  • Tenable

The Vulnerability page has tabs that focus on the following:

  • Findings by asset

    • Security vulnerabilities found on individual assets

  • Finding by vulnerability

    • all found vulnerabilities

  • Deactivated

  • History

    • SLA misses & on-time remediations

  • Settings

    • SLA settings and available integrations

Findings by Vulnerability

  • Identifier

  • Source

  • CVEs

    • A known vulnerability with an assigned CVE ID number

  • CVE severity

    • score assigned around how detrimental a breach of this vulnerability would be to your organization

  • Assets

    • The number of assets the vulnerability is found on

  • Due date

    • When remediation should be completed by

  • First Seen/Last Seen

  • Available Fix

    • Is a remediation or patch available for the vulnerability

Visual Information

  • From the Findings by asset page, you will see

    • Asset scan coverage by source

    • Asset SLA Status

  • From the Findings by Vulnerability page, you will see

    • Vulnerabilities by severity level

    • SLA tracking

Screenshot 2024-06-14 at 3.57.19 PM.png

Vulnerability Settings

  • When vulnerabilities are detected within your infrastructure, ensure they are triaged and remediated on time through SLAs. You can create your own or use Vanta's recommendation.

  • Vanta creates SLAs based on the day that Vanta detects the vulnerability

  • These SLAs will be tracked in the History tab

Screenshot 2024-06-14 at 3.57.59 PM.png

If you previously set your SLAs for vulnerabilities, any changes made here will update your vulnerability settings across Vanta. Changes will be applied to new vulnerabilities and not affect any historical or currently open vulnerabilities.

Related Articles
Automatically Reopen Vulnerabilities when a Fix is Available
Setting up Vulnerability Scanning
No vulnerability data received (Azure Container)
Sunsetting Server Vulnerability Scanning
Frequently Asked Question: What Should I Use for Vulnerability Scanning?