Vanta's Vulnerability page is beneficial in providing a high-level overview of the detected, remediated, or ignored vulnerabilities on your servers and containers.
Vanta can pull data from the following vulnerability scanners for servers and containers
- AWS Inspector
- Snyk
- AWS ECR (Elastic Container Registry)
- GCP GCR (Google Container Registry)
- Azure Containers
The Vulnerability page has cards that focus on the following:
- All remediated vulnerabilities
- Vulmerabitlies that have been patched or remediated by the team
- Past SLA misses
- Instances where remediation did not meet the standard set by the SLA
- Ignored vulnerabilities
- Remediation will no longer be tracked for these vulnerabilities
- Cloud Infrastructure specific servers
- Cloud Infrastructure specific containers
For each of the servers or containers Vanta is scanning, you'll have the ability to drill down into the specific resource to see the list of vulnerabilities that need to be patched.
Additionally, you'll be able to see the following information for each vulnerability:
- Package name
- CVEs
- A known vulnerability with an assigned CVE ID number
- CVE severity
- score assigned around detrimental a breach of this vulnerability would be to your organization
- Due date
- When remediation should be completed by