Code Changes in Vanta

Written by Jaquez Hodo
Updated yesterday

The Code Changes feature in Vanta helps you track and review code updates across your connected repositories. This allows your team to see which changes were compliant with your security requirements and which were not—helping you stay on top of potential risks and provide clear evidence for audits. You can access this feature by selecting Assets in the navigation panel, followed by Code Changes.

Which integrations power this feature

Code Changes is powered by your connected source code management integrations, such as GitHub, GitLab, and Bitbucket. These integrations allow Vanta to monitor changes made in your repositories and display them in the Code Changes view.

Setting up Code Changes

To use Code Changes, you’ll first need to connect your code repository integrations:

  • From the left-hand navigation panel, select Integrations

  • Search for and select your source code management tool (for example, GitHub)

  • Follow the prompts to connect your account and authorize access

  • Once connected, Vanta will begin syncing recent code changes into the Code Changes page

Please note: If your Vanta package was recently upgraded to include Code Changes, the feature may take some time to populate with data.

How long until code changes appear

After setup, code changes typically appear within a few hours, depending on repository size and sync schedules. If you recently upgraded your package, it may take longer for historical changes to fully load.

Are historical changes shown

Yes. Once the integration syncs, you’ll see both recent and historical code changes in the Code Changes page.

What makes a code change compliant or non-compliant

Vanta checks each code change against your organization’s compliance rules, which may include:

  • Whether the change was reviewed through a pull request or merge request

  • Whether an appropriate number of reviewers approved the change

  • Whether the change was merged into a protected branch (for example, main or master)

  • Whether the commit author is linked to an active employee in Vanta

Changes that do not meet these criteria will appear as non-compliant.
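
To pre-check your own merge history against the four criteria listed above, the following added example (not Vanta's code and not a description of how Vanta evaluates changes) applies them to constructed change records. The `Change` record, the policy constants, the GitHub-style review states, and the rule that only a reviewer's latest review counts and self-approvals do not are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed policy values (not taken from Vanta); set them to your own rules.
PROTECTED_BRANCHES = {"main", "master"}
REQUIRED_APPROVALS = 1

@dataclass
class Change:
    sha: str
    author: str
    target_branch: str
    pr_number: Optional[int] = None              # None: pushed without a PR/MR
    reviews: list = field(default_factory=list)  # (reviewer, state), oldest first

def approvers(change):
    """Reviewers whose latest review is an approval, excluding the author."""
    latest = {}
    for reviewer, state in change.reviews:
        latest[reviewer] = state  # a later review replaces an earlier one
    return {r for r, s in latest.items() if s == "APPROVED" and r != change.author}

def findings(change, active_employees):
    """Return the criteria this change fails; an empty list means it passes."""
    failed = []
    if change.pr_number is None:
        failed.append("no pull/merge request")
    if len(approvers(change)) < REQUIRED_APPROVALS:
        failed.append("insufficient approvals")
    if change.target_branch not in PROTECTED_BRANCHES:
        failed.append("target branch not protected")
    if change.author not in active_employees:
        failed.append("author not an active employee")
    return failed

# Constructed sample data, not real repository history.
ACTIVE = {"alice", "bob"}
SAMPLE = [
    Change("a1", "alice", "main", 101, [("bob", "APPROVED")]),
    Change("b2", "bob", "main"),                                  # direct push
    Change("c3", "alice", "main", 102, [("bob", "APPROVED"), ("bob", "CHANGES_REQUESTED")]),
    Change("d4", "carol", "main", 103, [("alice", "APPROVED")]),  # former employee
    Change("e5", "bob", "main", 104, [("bob", "APPROVED")]),      # self-approval
]

def report(changes=SAMPLE, active=ACTIVE):
    return {c.sha: findings(c, active) for c in changes}

if __name__ == "__main__":
    print(report())
```

A direct push fails two checks at once because it has neither a pull request nor any approvals, so fixing branch protection usually clears both findings.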