> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Sync all Package Vulnerabilities

> To send us data related to package vulnerabilities. Note that you must first sync `VulnerableComponent` resources before sending us this data, and this sync should reference the `uniqueId` field in the `VulnerableComponent` resource.

This call replaces ALL existing `PackageVulnerabilityConnectors` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `PackageVulnerabilityConnectors` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta.

** Headers **
```
Authorization: Bearer <access_token>
```

** Scopes **
```
connectors.self:write-resource
```

** Schema **

Expand the `resources` array below for the schema of `PackageVulnerabilityConnectors`.



## OpenAPI

````yaml /reference/build-integrations.json put /v1/resources/package_vulnerability_connectors
openapi: 3.0.1
info:
  title: Build integrations
  description: >-
    The API that enables syncing and viewing resources


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token and authorization URLs shown
    below default to the commercial hosts — Gov customers should replace
    `api.vanta.com` with `api.vanta-gov.com` and `app.vanta.com` with
    `app.vanta-gov.com`.
  termsOfService: https://www.vanta.com/terms
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
  license:
    name: Vanta Terms of Service
    url: https://www.vanta.com/terms
  version: 0.0.1
servers:
  - url: https://api.vanta.com
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com
    description: Vanta Gov (FedRAMP)
security:
  - oauth:
      - connectors.self:read-resource
      - connectors.self:write-resource
tags:
  - name: API Endpoint Vulnerabilities
  - name: Background Checks
  - name: Custom Resources
  - name: Documents
  - name: MacOS User Computers
  - name: Package Vulnerabilities
  - name: Secrets
  - name: Security Tasks
  - name: Static Code Analysis Vulnerabilities
  - name: User Accounts
  - name: User Security Training Statuses
  - name: Vulnerable Components
  - name: Windows User Computers
paths:
  /v1/resources/package_vulnerability_connectors:
    put:
      tags:
        - Package Vulnerabilities
      summary: Sync all Package Vulnerabilities
      description: >-
        To send us data related to package vulnerabilities. Note that you must
        first sync `VulnerableComponent` resources before sending us this data,
        and this sync should reference the `uniqueId` field in the
        `VulnerableComponent` resource.


        This call replaces ALL existing `PackageVulnerabilityConnectors`
        resources for the given app and `source_id` - this is a "state of the
        world" sync. In other words, if a `PackageVulnerabilityConnectors`
        resource is sent for a user in a previous `sync_all` call, but is not
        included in a later `sync_all` call for that customer, it is assumed to
        no longer exist and is deleted in Vanta.


        ** Headers **

        ```

        Authorization: Bearer <access_token>

        ```


        ** Scopes **

        ```

        connectors.self:write-resource

        ```


        ** Schema **


        Expand the `resources` array below for the schema of
        `PackageVulnerabilityConnectors`.
      operationId: put-PackageVulnerabilityConnectors
      requestBody:
        description: List of resources to sync
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - resourceId
                - resources
              properties:
                resourceId:
                  type: string
                  description: >-
                    Vanta generated identifier for the given resource, and can
                    be found on the developer console page. See the list of
                    registered resources and their IDs on
                    https://app.vanta.com/settings/developer-console/<app_id>?tab=resources
                resources:
                  type: array
                  items:
                    properties:
                      displayName:
                        type: string
                        description: >-
                          A human readable label for this resource - will be
                          shown as-is in inventory page.
                      uniqueId:
                        type: string
                        description: A stable global identifier for this resource.
                      externalUrl:
                        type: string
                        description: >-
                          A link to this resource on the partner site. This must
                          be a HTTPS URL.
                      packageName:
                        type: string
                        description: >-
                          The name of the package associated with the
                          vulnerability.
                      packageVersion:
                        type: string
                        description: >-
                          The version of the package associated with the
                          vulnerability.
                      severity:
                        type: number
                        format: float
                        description: >-
                          The severity of the vulnerability, on a scale of 0 to
                          10. This will be rounded to the nearest tenth.
                      vulnerableComponentUniqueId:
                        type: string
                        description: >-
                          A unique identifier for the vulnerable component
                          associated with the vulnerability. This must reference
                          the `uniqueId` field in the a previously supplied
                          `VulnerableComponent`.
                      description:
                        type: string
                        description: A description of the vulnerability.
                      isResolvable:
                        type: boolean
                        description: Whether the vulnerability can be resolved.
                      remediationInstructions:
                        type: string
                        description: Instructions for remediating the vulnerability.
                      isReachable:
                        type: boolean
                        description: >-
                          Whether there is a code path to the vulnerable code in
                          this package. This field is optional.
                      cveId:
                        type: string
                        description: >-
                          The Common Vulnerabilities and Exposures (CVE)
                          identifier for the vulnerability. This field is
                          optional.
                      cvss3Vector:
                        type: string
                        description: >-
                          The Common Vulnerability Scoring System (CVSS) version
                          3 vector for the vulnerability. This field is
                          optional.
                      cvss3Score:
                        type: number
                        format: float
                        description: >-
                          The Common Vulnerability Scoring System (CVSS) version
                          3 score for the vulnerability. This field is optional.
                    required:
                      - displayName
                      - uniqueId
                      - externalUrl
                      - packageName
                      - packageVersion
                      - severity
                      - vulnerableComponentUniqueId
                      - description
                      - isResolvable
                      - remediationInstructions
      responses:
        '200':
          description: The current resources synced.
          content:
            application/json:
              schema:
                type: object
                required:
                  - success
                properties:
                  success:
                    type: boolean
components:
  securitySchemes:
    oauth:
      type: oauth2
      x-default: vat_llamainapajama
      flows:
        authorizationCode:
          authorizationUrl: https://app.vanta.com/oauth/authorize
          tokenUrl: https://api.vanta.com/oauth/token
          scopes:
            connectors.self:write-resource: Send data to your account.
            connectors.self:read-resource: Read data from your account.

````