> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List vulnerability remediations that are in scope for this audit

> List all vulnerability remediations based on selected filters that are in scope for this audit.

End of life — this endpoint works for classic audits only; it does not support
controlled audit view. It remains available for existing classic audits but will be removed once
classic audits are fully phased out, so do not build new integrations on it.

Rate limit: 10 requests / minute.



## OpenAPI

````yaml https://spec.speakeasy.com/vanta/vanta/conduct-an-audit-with-code-samples get /audits/{auditId}/vulnerability-remediations
openapi: 3.0.0
info:
  title: Conduct an audit
  version: 1.0.0
  description: >-
    The Auditor API lets audit firms conduct audits from a tool outside of
    Vanta. Unlock data syncing with Vanta through this API.


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: US Region API
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /audits/{auditId}/vulnerability-remediations:
    get:
      tags:
        - Audits
      summary: List vulnerability remediations that are in scope for this audit
      description: >-
        List all vulnerability remediations based on selected filters that are
        in scope for this audit.


        End of life — this endpoint works for classic audits only; it does not
        support

        controlled audit view. It remains available for existing classic audits
        but will be removed once

        classic audits are fully phased out, so do not build new integrations on
        it.


        Rate limit: 10 requests / minute.
      operationId: ListVulnerabilityRemediationsInAuditScope
      parameters:
        - in: path
          name: auditId
          required: true
          schema:
            type: string
        - in: query
          name: pageSize
          required: false
          schema:
            $ref: '#/components/schemas/PageSize'
        - in: query
          name: pageCursor
          required: false
          schema:
            $ref: '#/components/schemas/PageCursor'
        - description: >-
            Filter vulnerability remediations based on a specific scanner
            integration.
          in: query
          name: integrationId
          required: false
          schema:
            type: string
        - description: |-
            Filter vulnerability remediations by severity.
            Possible values: CRITICAL, HIGH, MEDIUM, LOW.
          in: query
          name: severity
          required: false
          schema:
            $ref: '#/components/schemas/ExternalFindingSeverity'
        - description: Filter vulnerability remediations by remediation status.
          in: query
          name: isRemediatedOnTime
          required: false
          schema:
            type: boolean
        - description: >-
            Filter vulnerability remediations that occurred after a specific
            timestamp.
          in: query
          name: remediatedAfterDate
          required: false
          schema:
            type: string
            format: date-time
        - description: >-
            Filter vulnerability remediations that occurred before a specific
            timestamp.
          in: query
          name: remediatedBeforeDate
          required: false
          schema:
            type: string
            format: date-time
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/PaginatedResponse_VulnerabilityRemediation_
              examples:
                Example 1:
                  value:
                    results:
                      pageInfo:
                        hasNextPage: true
                        hasPreviousPage: false
                        startCursor: YXJyYXljb25uZWN0aW9uOjA=
                        endCursor: YXJyYXljb25uZWN0aW9uOjE=
                      data:
                        - id: a2f7e1b9d0c3f4e5a6c7b8d9
                          vulnerabilityId: a2f7e1b9d0c3f4e5a6c7b8d8
                          vulnerableAssetId: a2f7e1b9d0c3f4e5a6c7b8d7
                          severity: critical
                          detectedDate: '2021-01-01T00:00:00.000Z'
                          slaDeadlineDate: '2021-03-01T00:00:00.000Z'
                          remediationDate: '2021-02-01T00:00:00.000Z'
      deprecated: true
      security:
        - bearerAuth: []
components:
  schemas:
    PageSize:
      type: integer
      format: int32
      default: 10
      description: >-
        Controls the maximum number of items returned in one response from the
        API.
      minimum: 1
      maximum: 100
    PageCursor:
      type: string
      description: >-
        A marker or pointer, telling the API where to start fetching items for
        the subsequent page in a paginated dataset.

        Note that the requested page will not include the item that corresponds
        to this cursor but will start from the one immediately

        after this cursor.
    ExternalFindingSeverity:
      description: >-
        ExternalFindingSeverity describes the severity of an external finding
        (Vulnerability or Security Alert)
      enum:
        - CRITICAL
        - HIGH
        - LOW
        - MEDIUM
      type: string
    PaginatedResponse_VulnerabilityRemediation_:
      properties:
        results:
          properties:
            data:
              items:
                $ref: '#/components/schemas/VulnerabilityRemediation'
              type: array
            pageInfo:
              $ref: '#/components/schemas/PageInfo'
          required:
            - data
            - pageInfo
          type: object
      required:
        - results
      type: object
      additionalProperties: false
    VulnerabilityRemediation:
      properties:
        id:
          type: string
          description: Unique identifier for the remediation.
        vulnerabilityId:
          type: string
          description: Unique identifier for the vulnerability that the remediation is for.
        vulnerableAssetId:
          type: string
          description: >-
            Unique identifier for the vulnerable asset that the remediation is
            for.
        severity:
          type: string
          description: Severity of the vulnerability.
        detectedDate:
          type: string
          format: date-time
          nullable: true
          description: Date when the vulnerability was first detected.
        slaDeadlineDate:
          type: string
          format: date-time
          nullable: true
          description: Date when the vulnerability should be remediated by.
        remediationDate:
          type: string
          format: date-time
          nullable: true
          description: Date when the vulnerability was remediated.
      required:
        - id
        - vulnerabilityId
        - vulnerableAssetId
        - severity
        - detectedDate
        - slaDeadlineDate
        - remediationDate
      type: object
      additionalProperties: false
    PageInfo:
      description: Provides information about the pagination of a dataset.
      properties:
        endCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the end of the current page, or null if
            there is no such cursor.
        hasNextPage:
          type: boolean
          description: Indicates if there is another page after the current page.
        hasPreviousPage:
          type: boolean
          description: Indicates if there is a page before the current page.
        startCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the start of the current page, or null if
            there is no such cursor.
      required:
        - endCursor
        - hasNextPage
        - hasPreviousPage
        - startCursor
      type: object
      additionalProperties: false
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````