Vanta Developer Console
Docs

Build integrations

Suggest Edits

Overview

The following guides within this section are meant for either Vanta partners building public integrations or Vanta customers that want to build private integrations.

The endpoints used for these guides are located in the "Build Integrations" section of our API Reference page. The other endpoints in the "Manage Vanta" section are related to the guides and use cases found in the programmatically manage your Vanta account and automate workflows section of our Overview page.

What is an integration?

An integration is a connection between your Vanta instance and some external environment. You've likely connected many integrations into Vanta when you initially onboarded, such as a cloud provider like AWS, GCP, and Azure or an Identity Provider like Google Workspace, Microsoft Office, and Okta. These are integrations that Vanta has built directly into these vendor's native APIs.

The primary use case for integrations is to ingest resource data into Vanta. A resource can be anything from a user account to something more complex, like server infrastructure.

Why would you want to build an integration?

Vanta supports two primary audiences for building integrations:

  1. Vanta Partners looking to build and publish their integration to Vanta's integration marketplace. If you want to learn more about becoming a Vanta Partner, visit this page to learn more!
  2. Vanta customers looking to build private integrations only they can leverage. Although Vanta has over 300+ integrations pre-built, there's a chance a tool you use isn't supported out-of-the-box. There's also on-premise environments or homegrown applications Vanta may never inherently support. These are perfect use cases for building your own integrations!

What types of integrations can I build?

Resource data you send in from integrations will appear in various product areas within Vanta. Vanta will also auto-create automated tests on your behalf if you use the out-of-the-box resource types Vanta supports! You can also create Custom Tests with your own logic on top of the data sets you send in. This is especially useful for custom resources. Here are a few examples of integrations you can build:

  • Monitor vulnerabilities from code repositories, software packages, and more
  • Monitor user accounts and use this data to perform Access Reviews
  • Monitor Windows and MacOS devices to ensure employee devices are in compliance
  • Send in background check completion status for employees
  • Send in security awareness training status for employees

How do I build an integration?

First, you'll need to decide if you want to build a public or a private integration:

  • Public integrations are for Vanta partners that want to publish their application to the Vanta integration ecosystem. This allows any Vanta customer to leverage the integration! If you are interested in creating a public integration, please follow our Partner Application Setup guide to become an official Vanta partner.
  • Private integrations are unique to your Vanta environment and will not be published to Vanta's integration ecosystem. This is a perfect use case for pushing data in from external systems your company uses, on-premise environments, or homegrown applications you built yourself. If you want to create a private integration, please follow our Authentication guide and choose the "Integration" application type.
  • If you are still unsure how you want to leverage the Vanta API, please refer to the Overview - API Capabilities page to understand all of our API's capabilities.

Then you should decide what type of resource data you want to send into Vanta:

  • Vanta supports a variety of resource types out of the box, as well as a custom resource type that fits all other use-cases not inherently supported. Please review the list of resources Vanta supports here: Supported Resource Types

Finally, you can start creating and sending resource data into Vanta:

  • Once you decide which resources you want to create, you can start defining their schemas. Here are some guides for sending data in: Create and Use Resources
  • Vanta also offers Custom Tests. Once you've built an integration, you may want to build a custom test on the data you've ingested. Learn more here: Custom Tests

Updated about 1 month ago

What’s Next