> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Update vendor finding

> Update vendor finding.



## OpenAPI

````yaml /reference/manage-vanta.json patch /vendors/{vendorId}/findings/{findingId}
openapi: 3.0.0
info:
  title: Manage Vanta
  version: 1.0.0
  description: >-
    The REST API lets customers query and mutate Vanta's data. Use this API to
    automate bulk actions, query data for custom workflows and dashboards, and
    bolster your security operations


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /vendors/{vendorId}/findings/{findingId}:
    patch:
      tags:
        - Vendors
      summary: Update vendor finding
      description: Update vendor finding.
      operationId: UpdateVendorFinding
      parameters:
        - in: path
          name: vendorId
          required: true
          schema:
            type: string
        - in: path
          name: findingId
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateFindingInput'
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/VendorFinding'
              examples:
                Example 1:
                  value:
                    id: 66bb83e06c54dc42afedb174
                    vendorId: 66bb83dc14f5709efe418859
                    securityReviewId: 66bb83977ffe63d2c54d6711
                    documentId: null
                    content: >-
                      This vendor has not performed a penetration test in the
                      past 15 months.
                    riskStatus: REMEDIATE
                    remediation:
                      requirementNotes: >-
                        We need them to provide an updated penetration test
                        report.
                      state: OPEN
      security:
        - bearerAuth: []
components:
  schemas:
    UpdateFindingInput:
      properties:
        content:
          type: string
          description: The content of the finding.
        riskStatus:
          $ref: '#/components/schemas/FindingRiskStatus'
          description: The risk status of the finding.
        remediation:
          properties:
            state:
              $ref: '#/components/schemas/FindingRemediationState'
              description: The state of the remediation.
            requirementNotes:
              type: string
              description: >-
                A string containing the information needed to properly remediate
                the finding.
          type: object
          description: >-
            Remediation information about the finding. Will only be populated if
            riskStatus is set to "REMEDIATE".
      type: object
      additionalProperties: false
    VendorFinding:
      properties:
        id:
          type: string
          description: Unique identifier for the finding.
        vendorId:
          type: string
          description: Unique identifier for the vendor.
        securityReviewId:
          type: string
          nullable: true
          description: Unique identifier for a security review.
        documentId:
          type: string
          nullable: true
          description: Unique identifier for a document.
        content:
          type: string
          description: The content of the finding.
        riskStatus:
          $ref: '#/components/schemas/FindingRiskStatus'
          description: The risk status of the finding.
        remediation:
          properties:
            state:
              $ref: '#/components/schemas/FindingRemediationState'
              description: The state of the remediation.
            requirementNotes:
              type: string
              nullable: true
              description: >-
                A string containing the information needed to properly remediate
                the finding.
          required:
            - state
            - requirementNotes
          type: object
          nullable: true
          description: >-
            Remediation information about the finding. Will only be populated if
            riskStatus is set to "REMEDIATE".
      required:
        - id
        - vendorId
        - securityReviewId
        - documentId
        - content
        - riskStatus
        - remediation
      type: object
      additionalProperties: false
    FindingRiskStatus:
      description: >-
        The status of the finding:

        - ACCEPT: The finding and its risk has been accepted and no follow up is
        required.

        - REMEDIATE: The finding needs to be remediated in some way.

        - NONE: The finding is not related to an observed risk that needs to be
        accepted or remediated.
      enum:
        - ACCEPT
        - REMEDIATE
        - NONE
      type: string
    FindingRemediationState:
      description: >-
        The current state of a finding remediation:

        - OPEN: The finding has not been remediated and still needs to be
        addressed.

        - CLOSED: The finding has been remediated and no further action is
        needed.
      enum:
        - OPEN
        - CLOSED
      type: string
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````