Frequently Asked Questions: How do I Mark Resources out of Scope?

  • Updated

You may have some inventory items built into your infrastructure that has yet to be included in the scope of your audit. You can mark them out of scope on the Integrations


You can mark resources out of scope in the following connections: 

  • Cloud Provider
  • Identity Provider
  • Version Control System
  • Human Resource Information System
  • Datastore Provider
  • Mobile Device Management Tool

Manually Configure the Scope of Your Resources 

  • Select Integrations from the left-hand navigation panel
  • Choose the integration you would like to adjust, and select configure scope


  • From here, you can toggle each option off or on one by one, or select:
    • Mark all in: to mark all options in scope
    • Mark all off: to mark all options out of scope

  • Changes will be saved automatically



Scoping through Tags 

  • Vanta supports reading tags (called labels in GCP) from our various cloud provider integrations to populate different attributes of cloud resources, such as owner, description, user data, and scope. While these attributes can be set manually on the inventory page or integration page for scoping, these fields are not persistent and will disappear once the integration is disconnected. For this reason, we recommend using tags, as they are continuous and more scalable.


What should be considered In-Scope or Out-of-Scope for an audit? 

  • In-scope inventory should include any item used in your production environment, items containing sensitive information, and items containing user data. It is essential to ensure these items are secure due to the nature of the information they contain. 

  • Out-of-scope inventory could be any items not used in a production environment or items that do not contain sensitive information. 


Turning off automatic scoping of new resources

By default, Vanta automatically scopes in new resources as a best practice so that users don’t have to manually keep track of resources that are scoped in for an audit. In some scenarios, you may not want this behavior. If you would like to scope in new repositories manually, follow these steps:


This behavior is currently only available for the following Version Control System integrations: GitHub, GitLab, and Bitbucket.
  • Select Configure Scope on the Integrations page

  • Turn off the toggle for Automatically scope in new repositories

  • Confirm the change in the warning prompt if you would like to proceed.

  • New repositories will no longer be scoped in by default
    • Ensure you periodically check for new repositories to ensure you’ve included the appropriate ones for your audit.
  • You can always turn the toggle back on if you’d like to scope in new repositories automatically.

Additional Resources

Was this article helpful?

Have more questions? Submit a request