Skip to main content
POST
/
vendors
/
{vendorId}
/
findings
Add a vendor finding
curl --request POST \
  --url https://api.vanta.com/v1/vendors/{vendorId}/findings \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "content": "<string>",
  "remediation": {
    "requirementNotes": "<string>"
  },
  "securityReviewId": "<string>",
  "documentId": "<string>"
}
'
{
  "id": "66bb83e06c54dc42afedb174",
  "vendorId": "66bb83dc14f5709efe418859",
  "securityReviewId": "66bb83977ffe63d2c54d6711",
  "documentId": null,
  "content": "This vendor has not performed a penetration test in the past 15 months.",
  "riskStatus": "REMEDIATE",
  "remediation": {
    "requirementNotes": "We need them to provide an updated penetration test report.",
    "state": "OPEN"
  }
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

vendorId
string
required

Body

application/json
content
string
required

The content of the finding.

riskStatus
enum<string>
required

The risk status of the finding.

Available options:
ACCEPT,
REMEDIATE,
NONE
remediation
object

Remediation information about the finding. Will only be populated if riskStatus is set to "REMEDIATE".

securityReviewId
string

Unique identifier for a security review.

documentId
string

Unique identifier for a document.

Response

200 - application/json

Ok

id
string
required

Unique identifier for the finding.

vendorId
string
required

Unique identifier for the vendor.

securityReviewId
string | null
required

Unique identifier for a security review.

documentId
string | null
required

Unique identifier for a document.

content
string
required

The content of the finding.

riskStatus
enum<string>
required

The risk status of the finding.

Available options:
ACCEPT,
REMEDIATE,
NONE
remediation
object
required

Remediation information about the finding. Will only be populated if riskStatus is set to "REMEDIATE".