> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List vendor findings

> Lists a vendor's findings.



## OpenAPI

````yaml /reference/manage-vanta.json get /vendors/{vendorId}/findings
openapi: 3.0.0
info:
  title: Manage Vanta
  version: 1.0.0
  description: >-
    The REST API lets customers query and mutate Vanta's data. Use this API to
    automate bulk actions, query data for custom workflows and dashboards, and
    bolster your security operations


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /vendors/{vendorId}/findings:
    get:
      tags:
        - Vendors
      summary: List vendor findings
      description: Lists a vendor's findings.
      operationId: ListVendorFindings
      parameters:
        - in: path
          name: vendorId
          required: true
          schema:
            type: string
        - in: query
          name: pageSize
          required: false
          schema:
            $ref: '#/components/schemas/PageSize'
        - in: query
          name: pageCursor
          required: false
          schema:
            $ref: '#/components/schemas/PageCursor'
        - description: Filter findings by security review ID
          in: query
          name: securityReviewId
          required: false
          schema:
            type: string
        - description: Filter findings by document ID
          in: query
          name: documentId
          required: false
          schema:
            type: string
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PaginatedResponse_VendorFinding_'
              examples:
                Example 1:
                  value:
                    results:
                      data:
                        - id: 66bb83e06c54dc42afedb174
                          vendorId: 66bb83dc14f5709efe418859
                          securityReviewId: 66bb83977ffe63d2c54d6711
                          documentId: null
                          content: >-
                            This vendor has not performed a penetration test in
                            the past 15 months.
                          riskStatus: REMEDIATE
                          remediation:
                            requirementNotes: >-
                              We need them to provide an updated penetration
                              test report.
                            state: OPEN
                      pageInfo:
                        hasNextPage: false
                        hasPreviousPage: false
                        startCursor: 6696ea0595df50d5cd6ec3b7
                        endCursor: 6696ece48eb1f98ff3d927c6
      security:
        - bearerAuth: []
components:
  schemas:
    PageSize:
      type: integer
      format: int32
      default: 10
      description: >-
        Controls the maximum number of items returned in one response from the
        API.
      minimum: 1
      maximum: 100
    PageCursor:
      type: string
      description: >-
        A marker or pointer, telling the API where to start fetching items for
        the subsequent page in a paginated dataset.

        Note that the requested page will not include the item that corresponds
        to this cursor but will start from the one immediately

        after this cursor.
    PaginatedResponse_VendorFinding_:
      properties:
        results:
          properties:
            data:
              items:
                $ref: '#/components/schemas/VendorFinding'
              type: array
            pageInfo:
              $ref: '#/components/schemas/PageInfo'
          required:
            - data
            - pageInfo
          type: object
      required:
        - results
      type: object
      additionalProperties: false
    VendorFinding:
      properties:
        id:
          type: string
          description: Unique identifier for the finding.
        vendorId:
          type: string
          description: Unique identifier for the vendor.
        securityReviewId:
          type: string
          nullable: true
          description: Unique identifier for a security review.
        documentId:
          type: string
          nullable: true
          description: Unique identifier for a document.
        content:
          type: string
          description: The content of the finding.
        riskStatus:
          $ref: '#/components/schemas/FindingRiskStatus'
          description: The risk status of the finding.
        remediation:
          properties:
            state:
              $ref: '#/components/schemas/FindingRemediationState'
              description: The state of the remediation.
            requirementNotes:
              type: string
              nullable: true
              description: >-
                A string containing the information needed to properly remediate
                the finding.
          required:
            - state
            - requirementNotes
          type: object
          nullable: true
          description: >-
            Remediation information about the finding. Will only be populated if
            riskStatus is set to "REMEDIATE".
      required:
        - id
        - vendorId
        - securityReviewId
        - documentId
        - content
        - riskStatus
        - remediation
      type: object
      additionalProperties: false
    PageInfo:
      description: Provides information about the pagination of a dataset.
      properties:
        endCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the end of the current page, or null if
            there is no such cursor.
        hasNextPage:
          type: boolean
          description: Indicates if there is another page after the current page.
        hasPreviousPage:
          type: boolean
          description: Indicates if there is a page before the current page.
        startCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the start of the current page, or null if
            there is no such cursor.
      required:
        - endCursor
        - hasNextPage
        - hasPreviousPage
        - startCursor
      type: object
      additionalProperties: false
    FindingRiskStatus:
      description: >-
        The status of the finding:

        - ACCEPT: The finding and its risk has been accepted and no follow up is
        required.

        - REMEDIATE: The finding needs to be remediated in some way.

        - NONE: The finding is not related to an observed risk that needs to be
        accepted or remediated.
      enum:
        - ACCEPT
        - REMEDIATE
        - NONE
      type: string
    FindingRemediationState:
      description: >-
        The current state of a finding remediation:

        - OPEN: The finding has not been remediated and still needs to be
        addressed.

        - CLOSED: The finding has been remediated and no further action is
        needed.
      enum:
        - OPEN
        - CLOSED
      type: string
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````