If you use the vulnerability scanning feature in GitLab and wish to configure it to work with Vanta, this is possible only if you're using the GitLab Security Dashboards and Security Center. The vulnerabilities must come from the default or main branch, as we are unable to pull vulnerabilities from side or feature branches.
If you do not use the Security Dashboards and Security Center feature but still use one of the scanning tools in GitLab, such as Static Application Security Testing (SAST), Infrastructure as Code (IaC) scanning, Secret detection, or Dependency scanning, these vulnerabilities will not be pulled into Vanta.
Note: the Security Dashboards and Security Center is a premium feature in GitLab.
Other Prerequisites
You must have the GitLab Ultimate subscription tier
You must have a paid GitLab Duo Enterprise seat
GitLab Duo must be enabled for the group or instance
The person who connected the GitLab integration in Vanta must be at minimum a member of the project
The vulnerability must be from a SAST scanner