Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developer.vanta.com/llms.txt

Use this file to discover all available pages before exploring further.

This guide queries GET /v1/vulnerabilities on the Manage Vanta API for CRITICAL and HIGH vulnerabilities whose remediation SLA deadline falls inside a configurable window — the standard pattern is “next 14 days” so security teams can prioritize fixes before they breach. Use the ask prompt to surface them through the Vanta MCP server, or the build prompt to generate a scheduled job that groups results by integration and skips suppressed vulnerabilities.

Before you begin

This guide is for Vanta admins managing data inside their own Vanta account. You’ll need:
  • A Manage Vanta API token.
  • The token must have scope vanta-api.all:read.
  • At least one vulnerability scanner integration connected to Vanta (e.g. Snyk, Qualys, Inspector).
Vanta consolidates scan results from multiple tools into a single view and tracks remediation against the SLAs you’ve configured. The vulnerabilities endpoint lets you slice that view by SLA window so you can act on what’s actually about to breach.
Wiring this into a daily nudge or ticketing automation? Re-mint your token at the top of each run, query slaDeadlineBeforeDate set to “today + 14 days”, and feed the response into your downstream system.
1

Pick the SLA window

Decide which vulnerabilities to surface. Most teams use one of:
  • Approaching breachslaDeadlineAfterDate = now, slaDeadlineBeforeDate = now + 7–14 days.
  • Already breachedslaDeadlineBeforeDate = now (with no slaDeadlineAfterDate).
  • All vulnerabilities with an SLA — both params omitted, but includeVulnerabilitiesWithoutSlas=false.
Layer in severity=CRITICAL (or HIGH), isFixAvailable=true, and integrationId=<scanner> to narrow further.
Terminal
# Two-week window: due after today, before today + 14 days
AFTER=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
BEFORE=$(date -u -v+14d +"%Y-%m-%dT%H:%M:%SZ")  # GNU date: date -u -d '+14 days' +%Y-%m-%dT%H:%M:%SZ

echo "from $AFTER to $BEFORE"
severity (CRITICAL/HIGH/MEDIUM/LOW), isFixAvailable, integrationId, packageIdentifier, vulnerableAssetId, externalVulnerabilityId, q (free-text search), and includeVulnerabilitiesWithoutSlas.
By default the endpoint excludes vulnerabilities that have no remediateByDate. Set includeVulnerabilitiesWithoutSlas=true to include them — useful if a scanner doesn’t emit severities Vanta can map to an SLA.
2

Query vulnerabilities by SLA window

Your terminal — call GET /v1/vulnerabilities with the SLA window and any extra filters.
const after = new Date().toISOString();
const before = new Date(Date.now() + 14 * 24 * 60 * 60 * 1000).toISOString();

const url = new URL("https://api.vanta.com/v1/vulnerabilities");
url.searchParams.set("pageSize", "50");
url.searchParams.set("slaDeadlineAfterDate", after);
url.searchParams.set("slaDeadlineBeforeDate", before);
url.searchParams.set("severity", "CRITICAL");
url.searchParams.set("isFixAvailable", "true");

const res = await fetch(url, {
  headers: { Authorization: "Bearer YOUR_TOKEN" },
});
const body = await res.json();
for (const vuln of body.results.data) {
  console.log(vuln.severity, vuln.name, "due", vuln.remediateByDate);
}
Expected response (200) — paginated vulnerabilities, sorted by remediateByDate ascending (most urgent first):
{
  "results": {
    "data": [
      {
        "id": "65f05b5def4a9f04c44e5748",
        "name": "CVE-2021-3711",
        "description": "Alpine Linux Security Update for OpenSSL",
        "integrationId": "qualys",
        "packageIdentifier": "libssl1.1:1.1.1g-r0",
        "vulnerabilityType": "COMMON",
        "targetId": "65f05b57f37f4ffbd87dc20c",
        "severity": "CRITICAL",
        "cvssSeverityScore": 9.8,
        "isFixable": true,
        "fixedVersion": "1.1.1n-r0",
        "remediateByDate": "2024-04-16T17:14:26.718Z",
        "externalURL": "https://qualysguard.qg4.apps.qualys.com/cs/#/...",
        "deactivateMetadata": null
      }
    ],
    "pageInfo": { "hasNextPage": true, "endCursor": "..." }
  }
}
Use targetId to join back to the affected asset, externalURL to deep-link to your scanner, and remediateByDate to drive your countdown.
Token is expired (one-hour lifetime), missing, or lacks vanta-api.all:read. Mint a fresh one — see Authentication → Tokens expire after one hour.
slaDeadlineAfterDate and slaDeadlineBeforeDate must be ISO 8601 timestamps with timezone (e.g. 2024-04-16T17:14:26.718Z). Plain dates without time-of-day will be rejected.
Read results.pageInfo.endCursor and hasNextPage. Re-call with pageCursor=<endCursor> until hasNextPage is false. Don’t try to fetch all vulnerabilities in one call — pageSize caps at 100.
That vulnerability has been deactivated (suppressed). It still appears in the list but won’t impact tests. Filter client-side on deactivateMetadata == null if you only want active items.
Suppressing a known false positive? Use POST /v1/vulnerabilities/deactivate with a reason. Reactivate later with the matching /reactivate endpoint.

Congratulations

You’ve pulled the canonical list of vulnerabilities approaching their SLA deadline. Wire this into a Slack channel, Jira ticket creator, or PagerDuty schedule so your remediation work happens against actual deadlines instead of a static dashboard.

Next steps

Query failing tests

See which tests are failing because of overdue vulnerabilities.

Subscribe to webhooks

React in real time when a vulnerability is detected, deactivated, or remediated.

Try it in Postman

Import the collection and run the vulnerability query against a sandbox in seconds.

Manage Vanta API reference

Browse every Manage Vanta endpoint — vulnerabilities, tests, controls, documents, people.