> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Sync all Vulnerable Components

> To send us data related to system components that have vulnerabilities.

This call replaces ALL existing `VulnerableComponent` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `VulnerableComponent` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta.

** Headers **
```
Authorization: Bearer <access_token>
```

** Scopes **
```
connectors.self:write-resource
```

** Schema **

Expand the `resources` array below for the schema of `VulnerableComponent`.



## OpenAPI

````yaml /reference/build-integrations.json put /v1/resources/vulnerable_component
openapi: 3.0.1
info:
  title: Build integrations
  description: >-
    The API that enables syncing and viewing resources


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token and authorization URLs shown
    below default to the commercial hosts — Gov customers should replace
    `api.vanta.com` with `api.vanta-gov.com` and `app.vanta.com` with
    `app.vanta-gov.com`.
  termsOfService: https://www.vanta.com/terms
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
  license:
    name: Vanta Terms of Service
    url: https://www.vanta.com/terms
  version: 0.0.1
servers:
  - url: https://api.vanta.com
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com
    description: Vanta Gov (FedRAMP)
security:
  - oauth:
      - connectors.self:read-resource
      - connectors.self:write-resource
tags:
  - name: API Endpoint Vulnerabilities
  - name: Background Checks
  - name: Custom Resources
  - name: Documents
  - name: MacOS User Computers
  - name: Package Vulnerabilities
  - name: Secrets
  - name: Security Tasks
  - name: Static Code Analysis Vulnerabilities
  - name: User Accounts
  - name: User Security Training Statuses
  - name: Vulnerable Components
  - name: Windows User Computers
paths:
  /v1/resources/vulnerable_component:
    put:
      tags:
        - Vulnerable Components
      summary: Sync all Vulnerable Components
      description: >-
        To send us data related to system components that have vulnerabilities.


        This call replaces ALL existing `VulnerableComponent` resources for the
        given app and `source_id` - this is a "state of the world" sync. In
        other words, if a `VulnerableComponent` resource is sent for a user in a
        previous `sync_all` call, but is not included in a later `sync_all` call
        for that customer, it is assumed to no longer exist and is deleted in
        Vanta.


        ** Headers **

        ```

        Authorization: Bearer <access_token>

        ```


        ** Scopes **

        ```

        connectors.self:write-resource

        ```


        ** Schema **


        Expand the `resources` array below for the schema of
        `VulnerableComponent`.
      operationId: put-VulnerableComponent
      requestBody:
        description: List of resources to sync
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - resourceId
                - resources
              properties:
                resourceId:
                  type: string
                  description: >-
                    Vanta generated identifier for the given resource, and can
                    be found on the developer console page. See the list of
                    registered resources and their IDs on
                    https://app.vanta.com/settings/developer-console/<app_id>?tab=resources
                resources:
                  type: array
                  items:
                    properties:
                      displayName:
                        type: string
                        description: >-
                          A human readable label for this resource - will be
                          shown as-is in inventory page.
                      uniqueId:
                        type: string
                        description: A stable global identifier for this resource.
                      externalUrl:
                        type: string
                        description: >-
                          A link to this resource on the partner site. This must
                          be a HTTPS URL.
                      collectedTimestamp:
                        type: string
                        format: date-time
                        description: >-
                          A timestamp that indicates when the data being sent
                          was collected from the vulnerable component. In some
                          cases, you may have staggered data collection for the
                          various data being sent. In that case, feel free to
                          use the latest collected timestamp for the individual
                          data items to populate this field.
                      name:
                        type: string
                        description: >-
                          The name of the system component in which a
                          vulnerability has been detected.
                      description:
                        type: string
                        description: >-
                          Description of the system component in which a
                          vulnerability has been detected.
                      targetType:
                        description: >-
                          The type of the system component in which a
                          vulnerability has been detected (eg: container, source
                          code repository).
                        enum:
                          - HOST
                          - SERVER
                          - CONTAINER
                          - CONTAINER_REPOSITORY
                          - CONTAINER_REPOSITORY_IMAGE
                          - CODE_REPOSITORY
                          - SERVERLESS_FUNCTION
                          - MANIFEST_FILE
                          - WORKSTATION
                          - OTHER
                    required:
                      - displayName
                      - uniqueId
                      - externalUrl
                      - collectedTimestamp
                      - name
                      - description
                      - targetType
      responses:
        '200':
          description: The current resources synced.
          content:
            application/json:
              schema:
                type: object
                required:
                  - success
                properties:
                  success:
                    type: boolean
components:
  securitySchemes:
    oauth:
      type: oauth2
      x-default: vat_llamainapajama
      flows:
        authorizationCode:
          authorizationUrl: https://app.vanta.com/oauth/authorize
          tokenUrl: https://api.vanta.com/oauth/token
          scopes:
            connectors.self:write-resource: Send data to your account.
            connectors.self:read-resource: Read data from your account.

````