Vanta's Vulnerability page is beneficial in providing a high-level overview of the detected, remediated, or ignored vulnerabilities on your servers and containers.
Vanta can pull data from the following vulnerability scanners for servers and containers:
- AWS Inspector
- Snyk
- AWS ECR (Elastic Container Registry)
- GCP GCR (Google Container Registry)
- Azure Containers
- Azure Defender for Containers and Virtual Machines
- Github Dependabot
The Vulnerability page has tabs that focus on the following:
- Findings by asset
- Security vulnerabilities found on individual assets
- Finding by vulnerability
- all found vulnerabilities
- Ignored
- vulnerabilities that have been ignored
- History
- SLA misses & on-time remediations
- Settings
- SLA settings and available integrations
Findings by Vulnerability
- Identifier
- Source
- CVEs
- A known vulnerability with an assigned CVE ID number
- CVE severity
- score assigned around how detrimental a breach of this vulnerability would be to your organization
- Assets
- The number of assets the vulnerability is found on
- Due date
- When remediation should be completed by
- First Seen/Last Seen
- Available Fix
- Is a remediation or patch available for the vulnerability
Vulnerability Settings
- When vulnerabilities are detected within your infrastructure, ensure that they are triaged and remediated on time through SLAs. You can create your own or use Vanta's recommendation.
- Vanta creates SLAs based on the day that Vanta detects the vulnerability
- These SLAs will be tracked in the History tab
If you previously set your SLAs for vulnerabilities, any changes made here will update your vulnerability settings across Vanta. Changes will be applied to new vulnerabilities and not affect any historical or currently open vulnerabilities.
Updated
<%= heading %>