> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List assets associated with vulnerabilities

> List assets that Vanta monitors that are associated with vulnerabilities.



## OpenAPI

````yaml /reference/manage-vanta.json get /vulnerable-assets
openapi: 3.0.0
info:
  title: Manage Vanta
  version: 1.0.0
  description: >-
    The REST API lets customers query and mutate Vanta's data. Use this API to
    automate bulk actions, query data for custom workflows and dashboards, and
    bolster your security operations


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /vulnerable-assets:
    get:
      tags:
        - Vulnerable Assets
      summary: List assets associated with vulnerabilities
      description: >-
        List assets that Vanta monitors that are associated with
        vulnerabilities.
      operationId: ListVulnerableAssets
      parameters:
        - description: Filter vulnerable assets by search query.
          in: query
          name: q
          required: false
          schema:
            type: string
        - in: query
          name: pageSize
          required: false
          schema:
            $ref: '#/components/schemas/PageSize'
        - in: query
          name: pageCursor
          required: false
          schema:
            $ref: '#/components/schemas/PageCursor'
        - description: Filter vulnerable assets by specific vulnerability scanner.
          in: query
          name: integrationId
          required: false
          schema:
            type: string
        - description: >-
            Filter vulnerable assets by asset type.

            Possible values: CODE_REPOSITORY, CONTAINER_REPOSITORY,
            CONTAINER_REPOSITORY_IMAGE, MANIFEST_FILE, SERVER,
            SERVERLESS_FUNCTION, WORKSTATION.
          in: query
          name: assetType
          required: false
          schema:
            $ref: '#/components/schemas/VulnerableAssetType'
        - description: Filter vulnerable assets by...
          in: query
          name: assetExternalAccountId
          required: false
          schema:
            type: string
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PaginatedResponse_VulnerableAsset_'
              examples:
                Example 1:
                  value:
                    results:
                      pageInfo:
                        hasNextPage: true
                        hasPreviousPage: false
                        startCursor: YXJyYXljb25uZWN0aW9uOjA=
                        endCursor: YXJyYXljb25uZWN0aW9uOjE=
                      data:
                        - id: a2f7e1b9d0c3f4e5a6c7b8d9
                          name: CVE-2021-12345
                          assetType: SERVER
                          hasBeenScanned: true
                          imageScanTag: apac-production:latest
                          scanners:
                            - resourceId: 6733c25f852819d3b8d97a86
                              integrationId: qualys
                              imageDigest: sha256:123456
                              imagePushedAtDate: '2021-01-01T00:00:00.000Z'
                              imageTags:
                                - candidate-1234567890
                              assetTags:
                                - key: company-name
                                  value: vanta-llama
                              parentAccountOrOrganization: 12345678-abcd-cdef-ab12-abcd1234bbbb
                              biosUuid: '123456'
                              ipv4s:
                                - 12.12.123.123
                              ipv6s: null
                              macAddresses:
                                - 1234AB987FED
                              hostnames:
                                - purple-llama
                              fqdns:
                                - purple-llama
                              operatingSystems:
                                - Windows11
                              targetId: 12345678-abcd-cdef-ab12-abcd1234bbbc
      security:
        - bearerAuth: []
components:
  schemas:
    PageSize:
      type: integer
      format: int32
      default: 10
      description: >-
        Controls the maximum number of items returned in one response from the
        API.
      minimum: 1
      maximum: 100
    PageCursor:
      type: string
      description: >-
        A marker or pointer, telling the API where to start fetching items for
        the subsequent page in a paginated dataset.

        Note that the requested page will not include the item that corresponds
        to this cursor but will start from the one immediately

        after this cursor.
    VulnerableAssetType:
      type: string
      enum:
        - SERVER
        - SERVERLESS_FUNCTION
        - CONTAINER
        - CONTAINER_REPOSITORY
        - CONTAINER_REPOSITORY_IMAGE
        - CODE_REPOSITORY
        - MANIFEST_FILE
        - WORKSTATION
        - OTHER
      description: VulnerableAssetType describes the types of assets a vulnerability is on.
    PaginatedResponse_VulnerableAsset_:
      properties:
        results:
          properties:
            data:
              items:
                $ref: '#/components/schemas/VulnerableAsset'
              type: array
            pageInfo:
              $ref: '#/components/schemas/PageInfo'
          required:
            - data
            - pageInfo
          type: object
      required:
        - results
      type: object
      additionalProperties: false
    VulnerableAsset:
      properties:
        id:
          type: string
          description: Unique identifier for the vulnerable asset.
        name:
          type: string
          description: Display name of the vulnerable asset.
        assetType:
          $ref: '#/components/schemas/VulnerableAssetType'
          description: >-
            Type of the vulnerable asset.

            Possible values: CODE_REPOSITORY, CONTAINER_REPOSITORY,
            CONTAINER_REPOSITORY_IMAGE, MANIFEST_FILE, SERVER,
            SERVERLESS_FUNCTION, WORKSTATION.
        hasBeenScanned:
          type: boolean
          description: Whether the vulnerable asset has been scanned.
        imageScanTag:
          type: string
          nullable: true
          description: >-
            Only relevant for container repositories. This field sets the
            container image tag that vulnerabilities will be retrieved for. If
            null, the latest image will be retrieved.
        scanners:
          items:
            $ref: '#/components/schemas/VulnerableAssetScanner'
          type: array
          description: The integrations that are scanning this vulnerable asset.
      required:
        - id
        - name
        - assetType
        - hasBeenScanned
        - imageScanTag
        - scanners
      type: object
      additionalProperties: false
    PageInfo:
      description: Provides information about the pagination of a dataset.
      properties:
        endCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the end of the current page, or null if
            there is no such cursor.
        hasNextPage:
          type: boolean
          description: Indicates if there is another page after the current page.
        hasPreviousPage:
          type: boolean
          description: Indicates if there is a page before the current page.
        startCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the start of the current page, or null if
            there is no such cursor.
      required:
        - endCursor
        - hasNextPage
        - hasPreviousPage
        - startCursor
      type: object
      additionalProperties: false
    VulnerableAssetScanner:
      properties:
        resourceId:
          type: string
          description: The scanned asset's Vanta resource id.
        integrationId:
          type: string
          description: Integration that the the vulnerable asset is scanned by.
        imageDigest:
          type: string
          nullable: true
          description: Digest of the scanned container image.
        imagePushedAtDate:
          type: string
          format: date-time
          nullable: true
          description: Push date of the scanned container image.
        imageTags:
          items:
            type: string
          type: array
          nullable: true
          description: Tags of the scanned container image.
        assetTags:
          items:
            $ref: '#/components/schemas/KeyValuePair'
          type: array
          nullable: true
          description: Tags of the scanned asset.
        parentAccountOrOrganization:
          type: string
          nullable: true
          description: The parent account or organization of the scanned asset.
        biosUuid:
          type: string
          nullable: true
          description: BIOS UUID of the scanned asset.
        ipv4s:
          items:
            type: string
          type: array
          nullable: true
          description: IPV4s of the scanned asset.
        ipv6s:
          items:
            type: string
          type: array
          nullable: true
          description: IPV6s of the scanned asset.
        macAddresses:
          items:
            type: string
          type: array
          nullable: true
          description: Mac addresses of the scanned asset.
        hostnames:
          items:
            type: string
          type: array
          nullable: true
          description: Host names of the scanned asset.
        fqdns:
          items:
            type: string
          type: array
          nullable: true
          description: fqdns of the scanned asset.
        operatingSystems:
          items:
            type: string
          type: array
          nullable: true
          description: Operating systems of the scanned asset.
        targetId:
          type: string
          nullable: true
          description: The asset's identifier code.
      required:
        - resourceId
        - integrationId
        - imageDigest
        - imagePushedAtDate
        - imageTags
        - assetTags
        - parentAccountOrOrganization
        - biosUuid
        - ipv4s
        - ipv6s
        - macAddresses
        - hostnames
        - fqdns
        - operatingSystems
        - targetId
      type: object
      additionalProperties: false
    KeyValuePair:
      properties:
        key:
          type: string
          description: Key of key-value pair.
        value:
          type: string
          description: Value of key-value pair.
      required:
        - key
        - value
      type: object
      additionalProperties: false
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````