Skip to main content

Tracking External Security Tasks in Vanta

S
Written by Shannon DeLange
Updated today

When you connect a task tracker, Vanta will automatically fetch any tasks that have the tag or label “security” or “Security.” When we fetch these tasks, you will see them show up in security tasks Vanta Tests under “Items to Remediate” or “Remediation History”:

Screenshot_2023-05-31_at_9.23.20_AM.png

Vanta collects the following information from task tracker tickets to satisfy the related Vanta tests:

  • Title

  • Assignee

  • Status

  • Priority

  • Tags/labels

Priority Mapping

Vanta will look to tasks assigned Priority and any applied Tags/Labels to satisfy the related 'P0/1/2/3' Vanta tests. In a situation where a priority tag/label has not been applied to a Task, the Priority level, as defined by the task tracker, is used as the source of truth.

Tracking Task Completion

Vanta will track the completion of tasks. How we determine if a ticket has been closed may vary depending on the task tracker:

  • Asana - We check whether the “Completed At” field has been set

  • Azure DevOps - We check whether “Microsoft.VSTS.Common.ClosedDate” has been set for the work item

  • ClickUp - We check whether the task’s status type is “done” or “closed”

  • Github - We check whether “Closed At” has been set for the issue

  • Gitlab - We check whether “Closed At” has been set for the issue

  • JIRA - We look at the field “Resolution Date” or the field “status” and if the “status category” is marked “Done.”

  • Linear - We check whether any of “Completed At”, “Canceled At”, or “Archived At” has been set

  • Monday - We check whether the Status column for a value of “Done”

  • Pivotal Tracker - We check whether the “Current State” is “accepted”

  • Shortcut - We check whether “Completed At” or “Archived” has been set

  • Trello - We check whether task has been marked “closed” or “dueComplete” or is contained in a list that has been closed or named “Done”

  • Merge Integrations - We check whether Merge has interpreted the ticket as closed

  • Freshdesk - Determined via “Status” field reported by /v2/tickets in their API

  • Front - Determined via “Status” field reported by /inboxes/{project_id}/conversations in their API

  • Help Scout - Determined via “Status” field reported by /conversations in their API

  • Kustomer - Determined via “Status” attribute reported by /conversations in their API

  • Re:amaze - Determined via “Status” field reported by /v1/conversations in their API

  • Teamwork - Determined via “Status” field reported by /tasks in their API

  • Zoho Bug Tracker - Determined via “Status.type” field reported by /restapi/portal/${portal_id}/projects/${project_id}/bugs

  • Zoho Desk - Determined via “statusType” field reported by /tickets in their API

Customizing Security Tags

If you are using the “security” tag for other uses or use other tags to track security tasks, you can customize the label in Vanta:

  • Navigate to your connected task tracker on the Integrations page and click on Manage

Screenshot_2023-05-30_at_3.45.07_PM.png

  • In the sub-menu, select Task tracking labels

Screenshot_2023-05-30_at_3.45.43_PM.png

  • In the modal that pops up, enter all the labels that you would like Vanta to use to track audit-related security issues

Screenshot_2023-05-30_at_3.46.35_PM.png

  • After entering the labels you would like Vanta to track, hit Save

  • Once complete, Vanta will pull in tasks with the configured security label.

We currently do not support required fields beyond the default. You can find more information here: https://help.vanta.com/en/articles/11346060-jira-integration-error-message-unsupported-required-fields

Related Articles
Tracking Incident Management and Resolution Tickets in Vanta: Jira
Notion Task Tracker Configuration Modal
Tracking Offboarding Access Tickets in Vanta: Jira
Vanta & Task Management
Jira security Tasks not Syncing to Vanta - Troubleshooting