> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Find vulnerabilities approaching SLAs

> Query vulnerabilities approaching their remediation deadline so you can prioritize fixes before they breach SLA, using the Manage Vanta API.

export function vibePromptBuildText(prompt, pageTitle) {
  const url = typeof window !== "undefined" && window.location ? window.location.href : "";
  const ref = url ? "\n\nReference: " + (pageTitle || "Vanta docs") + " — " + url : "";
  return prompt + ref;
}

export function vibePromptOpen(e) {
  e.preventDefault();
  e.stopPropagation();
  const link = e.currentTarget;
  const target = link.getAttribute("data-target");
  const prompt = link.getAttribute("data-prompt") || "";
  const pageTitle = link.getAttribute("data-page-title") || "";
  const URL_LIMIT = 8000;
  const text = vibePromptBuildText(prompt, pageTitle);
  let enc = encodeURIComponent(text);
  if (enc.length > URL_LIMIT) enc = encodeURIComponent(text.slice(0, 2400));
  let dest = "";
  if (target === "cursor") dest = "cursor://anysphere.cursor-deeplink/prompt?text=" + enc; else if (target === "claude") dest = "https://claude.ai/new?q=" + enc; else if (target === "chatgpt") dest = "https://chatgpt.com/?q=" + enc;
  if (!dest) return;
  if (target === "cursor") {
    window.location.href = dest;
  } else {
    window.open(dest, "_blank", "noopener,noreferrer");
  }
}

export function vibePromptCopy(e) {
  e.preventDefault();
  e.stopPropagation();
  const btn = e.currentTarget;
  const prompt = btn.getAttribute("data-prompt") || "";
  const pageTitle = btn.getAttribute("data-page-title") || "";
  const original = btn.getAttribute("data-label") || btn.innerText;
  btn.setAttribute("data-label", original);
  const text = vibePromptBuildText(prompt, pageTitle);
  navigator.clipboard.writeText(text).then(function () {
    btn.innerText = "Copied";
    setTimeout(function () {
      btn.innerText = original;
    }, 1500);
  }, function () {
    btn.innerText = "Copy failed";
    setTimeout(function () {
      btn.innerText = original;
    }, 1500);
  });
}

export function vibePromptToggle(e) {
  e.preventDefault();
  const summary = e.currentTarget;
  const panel = summary.parentElement;
  if (!panel) return;
  const body = panel.querySelector(".vibe-prompt__body");
  const chevron = summary.querySelector(".vibe-prompt__chevron");
  const isOpen = panel.getAttribute("data-open") === "true";
  const next = isOpen ? "false" : "true";
  panel.setAttribute("data-open", next);
  summary.setAttribute("aria-expanded", next);
  if (body) body.style.display = isOpen ? "none" : "block";
  if (chevron) chevron.style.transform = isOpen ? "rotate(0deg)" : "rotate(180deg)";
}

export const BuildPrompt = ({prompt, pageTitle, defaultOpen}) => <div className="vibe-prompt__panel" data-open={defaultOpen ? "true" : "false"} style={{
  marginTop: "0.85rem",
  borderRadius: "12px",
  border: "1px solid var(--vanta-border, rgba(120, 120, 130, 0.18))",
  background: "color-mix(in srgb, #5E05C4 4%, transparent)",
  overflow: "hidden"
}}>
    <button type="button" onClick={vibePromptToggle} aria-expanded={defaultOpen ? "true" : "false"} style={{
  display: "flex",
  alignItems: "center",
  gap: "0.75rem",
  width: "100%",
  padding: "0.9rem 1.1rem",
  background: "transparent",
  border: "none",
  textAlign: "left",
  cursor: "pointer",
  font: "inherit",
  color: "inherit"
}}>
      <span style={{
  display: "inline-flex",
  alignItems: "center",
  justifyContent: "center",
  gap: "0.35rem",
  padding: "0.2rem 0.55rem",
  borderRadius: "9999px",
  fontSize: "0.7rem",
  fontWeight: 700,
  letterSpacing: "0.06em",
  textTransform: "uppercase",
  color: "#5E05C4",
  background: "color-mix(in srgb, #5E05C4 12%, transparent)",
  border: "1px solid color-mix(in srgb, #5E05C4 30%, transparent)",
  whiteSpace: "nowrap",
  flexShrink: 0,
  minWidth: "9rem"
}}>
        Code this
      </span>
      <span style={{
  flex: 1,
  minWidth: 0
}}>
        <span className="text-gray-600 dark:text-gray-300" style={{
  display: "block",
  fontSize: "0.85rem",
  lineHeight: 1.45
}}>
          Generate a script or app that performs this function using the Vanta API.
        </span>
      </span>
      <span className="vibe-prompt__chevron" aria-hidden="true" style={{
  flexShrink: 0,
  display: "inline-flex",
  alignItems: "center",
  justifyContent: "center",
  width: "24px",
  height: "24px",
  color: "#5E05C4",
  transform: defaultOpen ? "rotate(180deg)" : "rotate(0deg)",
  transition: "transform 200ms ease"
}}>
        <Icon icon="chevron-down" iconType="regular" size={14} color="#5E05C4" />
      </span>
    </button>
    <div className="vibe-prompt__body" style={{
  display: defaultOpen ? "block" : "none",
  padding: "0 1.1rem 1.1rem"
}}>
      <div style={{
  margin: 0,
  padding: "0.85rem 1rem",
  borderRadius: "8px",
  background: "rgba(15, 17, 21, 0.92)",
  color: "#f4f4f5",
  fontSize: "0.78rem",
  lineHeight: 1.55,
  fontFamily: "ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, 'Liberation Mono', 'Courier New', monospace",
  whiteSpace: "pre-wrap",
  wordBreak: "break-word",
  overflowWrap: "anywhere",
  overflowX: "hidden",
  overflowY: "auto",
  maxHeight: "22rem"
}}>
        {prompt}
      </div>
      <div className="not-prose" style={{
  display: "flex",
  flexWrap: "wrap",
  gap: "0.5rem",
  marginTop: "0.75rem"
}}>
        <button type="button" onClick={vibePromptCopy} data-prompt={prompt} data-page-title={pageTitle} style={{
  display: "inline-flex",
  alignItems: "center",
  gap: "0.4rem",
  padding: "0.4rem 0.85rem",
  borderRadius: "8px",
  border: "none",
  cursor: "pointer",
  fontSize: "0.8rem",
  fontWeight: 600,
  color: "#ffffff",
  background: "#5E05C4"
}}>
          <Icon icon="copy" iconType="regular" size={13} color="#ffffff" />
          Copy prompt
        </button>
        <a href="#" onClick={vibePromptOpen} data-target="cursor" data-prompt={prompt} data-page-title={pageTitle} className="vibe-prompt__link" style={{
  display: "inline-flex",
  alignItems: "center",
  gap: "0.4rem",
  padding: "0.4rem 0.75rem",
  borderRadius: "8px",
  border: "1px solid var(--vanta-border, rgba(120, 120, 130, 0.25))",
  fontSize: "0.8rem",
  fontWeight: 500,
  textDecoration: "none",
  color: "inherit",
  background: "transparent"
}}>
          <Icon icon="arrow-up-right-from-square" iconType="regular" size={11} color="#5E05C4" /><span>Cursor</span>
        </a>
        <a href="#" onClick={vibePromptOpen} data-target="claude" data-prompt={prompt} data-page-title={pageTitle} className="vibe-prompt__link" style={{
  display: "inline-flex",
  alignItems: "center",
  gap: "0.4rem",
  padding: "0.4rem 0.75rem",
  borderRadius: "8px",
  border: "1px solid var(--vanta-border, rgba(120, 120, 130, 0.25))",
  fontSize: "0.8rem",
  fontWeight: 500,
  textDecoration: "none",
  color: "inherit",
  background: "transparent"
}}>
          <Icon icon="arrow-up-right-from-square" iconType="regular" size={11} color="#5E05C4" /><span>Claude</span>
        </a>
        <a href="#" onClick={vibePromptOpen} data-target="chatgpt" data-prompt={prompt} data-page-title={pageTitle} className="vibe-prompt__link" style={{
  display: "inline-flex",
  alignItems: "center",
  gap: "0.4rem",
  padding: "0.4rem 0.75rem",
  borderRadius: "8px",
  border: "1px solid var(--vanta-border, rgba(120, 120, 130, 0.25))",
  fontSize: "0.8rem",
  fontWeight: 500,
  textDecoration: "none",
  color: "inherit",
  background: "transparent"
}}>
          <Icon icon="arrow-up-right-from-square" iconType="regular" size={11} color="#5E05C4" /><span>ChatGPT</span>
        </a>
      </div>
    </div>
  </div>;

export const AskPrompt = ({prompt, pageTitle, defaultOpen}) => <div className="vibe-prompt__panel" data-open={defaultOpen ? "true" : "false"} style={{
  marginTop: "0.85rem",
  borderRadius: "12px",
  border: "1px solid var(--vanta-border, rgba(120, 120, 130, 0.18))",
  background: "color-mix(in srgb, #3b82f6 4%, transparent)",
  overflow: "hidden"
}}>
    <button type="button" onClick={vibePromptToggle} aria-expanded={defaultOpen ? "true" : "false"} style={{
  display: "flex",
  alignItems: "center",
  gap: "0.75rem",
  width: "100%",
  padding: "0.9rem 1.1rem",
  background: "transparent",
  border: "none",
  textAlign: "left",
  cursor: "pointer",
  font: "inherit",
  color: "inherit"
}}>
      <span style={{
  display: "inline-flex",
  alignItems: "center",
  justifyContent: "center",
  gap: "0.35rem",
  padding: "0.2rem 0.55rem",
  borderRadius: "9999px",
  fontSize: "0.7rem",
  fontWeight: 700,
  letterSpacing: "0.06em",
  textTransform: "uppercase",
  color: "#3b82f6",
  background: "color-mix(in srgb, #3b82f6 12%, transparent)",
  border: "1px solid color-mix(in srgb, #3b82f6 30%, transparent)",
  whiteSpace: "nowrap",
  flexShrink: 0,
  minWidth: "9rem"
}}>
        Ask Vanta Agent
      </span>
      <span style={{
  flex: 1,
  minWidth: 0
}}>
        <span className="text-gray-600 dark:text-gray-300" style={{
  display: "block",
  fontSize: "0.85rem",
  lineHeight: 1.45
}}>
          Use the Vanta MCP server to run this workflow on your behalf.
        </span>
      </span>
      <span className="vibe-prompt__chevron" aria-hidden="true" style={{
  flexShrink: 0,
  display: "inline-flex",
  alignItems: "center",
  justifyContent: "center",
  width: "24px",
  height: "24px",
  color: "#3b82f6",
  transform: defaultOpen ? "rotate(180deg)" : "rotate(0deg)",
  transition: "transform 200ms ease"
}}>
        <Icon icon="chevron-down" iconType="regular" size={14} color="#3b82f6" />
      </span>
    </button>
    <div className="vibe-prompt__body" style={{
  display: defaultOpen ? "block" : "none",
  padding: "0 1.1rem 1.1rem"
}}>
      <div style={{
  margin: 0,
  padding: "0.85rem 1rem",
  borderRadius: "8px",
  background: "rgba(15, 17, 21, 0.92)",
  color: "#f4f4f5",
  fontSize: "0.78rem",
  lineHeight: 1.55,
  fontFamily: "ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, 'Liberation Mono', 'Courier New', monospace",
  whiteSpace: "pre-wrap",
  wordBreak: "break-word",
  overflowWrap: "anywhere",
  overflowX: "hidden"
}}>
        {prompt}
      </div>
      <div className="not-prose" style={{
  display: "flex",
  flexWrap: "wrap",
  gap: "0.5rem",
  marginTop: "0.75rem"
}}>
        <button type="button" onClick={vibePromptCopy} data-prompt={prompt} data-page-title={pageTitle} style={{
  display: "inline-flex",
  alignItems: "center",
  gap: "0.4rem",
  padding: "0.4rem 0.85rem",
  borderRadius: "8px",
  border: "none",
  cursor: "pointer",
  fontSize: "0.8rem",
  fontWeight: 600,
  color: "#ffffff",
  background: "#5E05C4"
}}>
          <Icon icon="copy" iconType="regular" size={13} color="#ffffff" />
          Copy prompt
        </button>
        <a href="#" onClick={vibePromptOpen} data-target="cursor" data-prompt={prompt} data-page-title={pageTitle} className="vibe-prompt__link" style={{
  display: "inline-flex",
  alignItems: "center",
  gap: "0.4rem",
  padding: "0.4rem 0.75rem",
  borderRadius: "8px",
  border: "1px solid var(--vanta-border, rgba(120, 120, 130, 0.25))",
  fontSize: "0.8rem",
  fontWeight: 500,
  textDecoration: "none",
  color: "inherit",
  background: "transparent"
}}>
          <Icon icon="arrow-up-right-from-square" iconType="regular" size={11} color="#5E05C4" /><span>Cursor</span>
        </a>
        <a href="#" onClick={vibePromptOpen} data-target="claude" data-prompt={prompt} data-page-title={pageTitle} className="vibe-prompt__link" style={{
  display: "inline-flex",
  alignItems: "center",
  gap: "0.4rem",
  padding: "0.4rem 0.75rem",
  borderRadius: "8px",
  border: "1px solid var(--vanta-border, rgba(120, 120, 130, 0.25))",
  fontSize: "0.8rem",
  fontWeight: 500,
  textDecoration: "none",
  color: "inherit",
  background: "transparent"
}}>
          <Icon icon="arrow-up-right-from-square" iconType="regular" size={11} color="#5E05C4" /><span>Claude</span>
        </a>
        <a href="#" onClick={vibePromptOpen} data-target="chatgpt" data-prompt={prompt} data-page-title={pageTitle} className="vibe-prompt__link" style={{
  display: "inline-flex",
  alignItems: "center",
  gap: "0.4rem",
  padding: "0.4rem 0.75rem",
  borderRadius: "8px",
  border: "1px solid var(--vanta-border, rgba(120, 120, 130, 0.25))",
  fontSize: "0.8rem",
  fontWeight: 500,
  textDecoration: "none",
  color: "inherit",
  background: "transparent"
}}>
          <Icon icon="arrow-up-right-from-square" iconType="regular" size={11} color="#5E05C4" /><span>ChatGPT</span>
        </a>
      </div>
    </div>
  </div>;

export const VibePrompts = ({children}) => <section className="vibe-prompts" style={{
  marginTop: "2.5rem",
  marginBottom: "2rem",
  padding: "1.5rem 1.5rem 1.25rem",
  borderRadius: "16px",
  border: "1px solid color-mix(in srgb, #5E05C4 22%, transparent)",
  background: "linear-gradient(180deg, color-mix(in srgb, #5E05C4 6%, transparent) 0%, transparent 100%)"
}}>
    <div style={{
  display: "flex",
  alignItems: "center",
  gap: "0.65rem",
  marginBottom: "0.25rem"
}}>
      <div style={{
  display: "inline-flex",
  alignItems: "center",
  justifyContent: "center",
  width: "32px",
  height: "32px",
  borderRadius: "9px",
  background: "color-mix(in srgb, #5E05C4 14%, transparent)"
}}>
        <Icon icon="wand-magic-sparkles" iconType="regular" size={16} color="#5E05C4" />
      </div>
      <div>
        <div className="text-gray-900 dark:text-white" style={{
  fontFamily: "Reckless, Georgia, serif",
  fontSize: "1.25rem",
  fontWeight: 500,
  lineHeight: 1.15
}}>
          Let AI do this for you
        </div>
        <div className="text-gray-600 dark:text-gray-300" style={{
  fontSize: "0.85rem",
  lineHeight: 1.45,
  marginTop: "0.15rem"
}}>
          Copy the prompt to run this live via the <a href="/docs/vanta-mcp" style={{
  color: "#5E05C4"
}}> MCP server</a> or have AI generate a runnable script.
        </div>
      </div>
    </div>
    {children}
  </section>;

export const VULN_ASK = "Using the Vanta MCP server, show me all CRITICAL and HIGH vulnerabilities whose remediation SLA deadline falls within the next 14 days.\n\nFor each one, include the vulnerability name, CVE ID (if available), integration it came from, the affected asset, whether a fix is available, and the exact remediation deadline. Group results by integration.";
export const VULN_BUILD = "Using the Manage Vanta API (base URL https://api.vanta.com), write a Node.js script that:\n\n1. Mints a Vanta API token using the client-credentials flow. Re-mint at the top of every scheduled run (tokens expire after one hour).\n2. Computes two ISO 8601 timestamps for now and now+14 days using new Date().toISOString().\n3. Calls GET /v1/vulnerabilities with pageSize=100, slaDeadlineAfterDate, slaDeadlineBeforeDate, severity=CRITICAL (run a second pass for HIGH), and isFixAvailable=true.\n4. Paginates using results.pageInfo.endCursor until hasNextPage is false.\n5. Filters out items where deactivateMetadata is not null (suppressed vulnerabilities).\n6. Groups results by integrationId and prints: severity, name, remediateByDate, packageIdentifier, fixedVersion, externalURL.\n7. Prints a summary: total count, breakdown by severity and integration.\n\nError handling:\n- 401: re-mint and retry once.\n- 400 on date params: timestamps must be full ISO 8601 with timezone.\n- 5xx: retry with 2s exponential back-off, max 3 attempts.\n\nScope required: vanta-api.all:read.";

This guide queries `GET /v1/vulnerabilities` on the Manage Vanta API for CRITICAL and HIGH vulnerabilities whose remediation SLA deadline falls inside a configurable window — the standard pattern is "next 14 days" so security teams can prioritize fixes before they breach. Use the ask prompt to surface them through the Vanta MCP server, or the build prompt to generate a scheduled job that groups results by integration and skips suppressed vulnerabilities.

<VibePrompts>
  <AskPrompt prompt={VULN_ASK} />

  <BuildPrompt prompt={VULN_BUILD} />
</VibePrompts>

## Before you begin

This guide is for Vanta admins managing data inside their own Vanta account.

You'll need:

* A Manage Vanta [API token](/docs/quickstart/manage-vanta).
* The token must have scope `vanta-api.all:read`.
* At least one vulnerability scanner integration connected to Vanta (e.g. Snyk, Qualys, Inspector).

Vanta consolidates scan results from multiple tools into a single view and tracks remediation against the SLAs you've configured. The vulnerabilities endpoint lets you slice that view by SLA window so you can act on what's actually about to breach.

<Info>
  Wiring this into a daily nudge or ticketing automation? Re-mint your token at the top of each run, query `slaDeadlineBeforeDate` set to "today + 14 days", and feed the response into your downstream system.
</Info>

<Steps>
  <Step title="Pick the SLA window">
    Decide which vulnerabilities to surface. Most teams use one of:

    * **Approaching breach** — `slaDeadlineAfterDate` = now, `slaDeadlineBeforeDate` = now + 7–14 days.
    * **Already breached** — `slaDeadlineBeforeDate` = now (with no `slaDeadlineAfterDate`).
    * **All vulnerabilities with an SLA** — both params omitted, but `includeVulnerabilitiesWithoutSlas=false`.

    Layer in `severity=CRITICAL` (or `HIGH`), `isFixAvailable=true`, and `integrationId=<scanner>` to narrow further.

    ```bash Terminal theme={"system"}
    # Two-week window: due after today, before today + 14 days
    AFTER=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
    BEFORE=$(date -u -v+14d +"%Y-%m-%dT%H:%M:%SZ")  # GNU date: date -u -d '+14 days' +%Y-%m-%dT%H:%M:%SZ

    echo "from $AFTER to $BEFORE"
    ```

    <AccordionGroup>
      <Accordion title="What other filters can I combine?">
        `severity` (`CRITICAL`/`HIGH`/`MEDIUM`/`LOW`), `isFixAvailable`, `integrationId`, `packageIdentifier`, `vulnerableAssetId`, `externalVulnerabilityId`, `q` (free-text search), and `includeVulnerabilitiesWithoutSlas`.
      </Accordion>

      <Accordion title="Vulnerabilities without SLAs?">
        By default the endpoint excludes vulnerabilities that have no `remediateByDate`. Set `includeVulnerabilitiesWithoutSlas=true` to include them — useful if a scanner doesn't emit severities Vanta can map to an SLA.
      </Accordion>
    </AccordionGroup>
  </Step>

  <Step title="Query vulnerabilities by SLA window">
    **Your terminal** — call [`GET /v1/vulnerabilities`](/api-reference/vulnerabilities/get-vulnerabilities) with the SLA window and any extra filters.

    <CodeGroup>
      ```javascript Node.js theme={"system"}
      const after = new Date().toISOString();
      const before = new Date(Date.now() + 14 * 24 * 60 * 60 * 1000).toISOString();

      const url = new URL("https://api.vanta.com/v1/vulnerabilities");
      url.searchParams.set("pageSize", "50");
      url.searchParams.set("slaDeadlineAfterDate", after);
      url.searchParams.set("slaDeadlineBeforeDate", before);
      url.searchParams.set("severity", "CRITICAL");
      url.searchParams.set("isFixAvailable", "true");

      const res = await fetch(url, {
        headers: { Authorization: "Bearer YOUR_TOKEN" },
      });
      const body = await res.json();
      for (const vuln of body.results.data) {
        console.log(vuln.severity, vuln.name, "due", vuln.remediateByDate);
      }
      ```

      ```python Python theme={"system"}
      from datetime import datetime, timedelta, timezone
      import requests

      after = datetime.now(timezone.utc).isoformat().replace("+00:00", "Z")
      before = (datetime.now(timezone.utc) + timedelta(days=14)).isoformat().replace("+00:00", "Z")

      r = requests.get(
          "https://api.vanta.com/v1/vulnerabilities",
          headers={"Authorization": "Bearer YOUR_TOKEN"},
          params={
              "pageSize": 50,
              "slaDeadlineAfterDate": after,
              "slaDeadlineBeforeDate": before,
              "severity": "CRITICAL",
              "isFixAvailable": "true",
          },
      )
      r.raise_for_status()
      for vuln in r.json()["results"]["data"]:
          print(vuln["severity"], vuln["name"], "due", vuln["remediateByDate"])
      ```

      ```bash Terminal theme={"system"}
      AFTER=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
      BEFORE=$(date -u -v+14d +"%Y-%m-%dT%H:%M:%SZ")

      curl --get 'https://api.vanta.com/v1/vulnerabilities' \
        --data-urlencode 'pageSize=50' \
        --data-urlencode "slaDeadlineAfterDate=$AFTER" \
        --data-urlencode "slaDeadlineBeforeDate=$BEFORE" \
        --data-urlencode 'severity=CRITICAL' \
        --data-urlencode 'isFixAvailable=true' \
        -H 'Accept: application/json' \
        -H 'Authorization: Bearer YOUR_TOKEN'
      ```
    </CodeGroup>

    Expected response (`200`) — paginated vulnerabilities, sorted by `remediateByDate` ascending (most urgent first):

    ```json theme={"system"}
    {
      "results": {
        "data": [
          {
            "id": "65f05b5def4a9f04c44e5748",
            "name": "CVE-2021-3711",
            "description": "Alpine Linux Security Update for OpenSSL",
            "integrationId": "qualys",
            "packageIdentifier": "libssl1.1:1.1.1g-r0",
            "vulnerabilityType": "COMMON",
            "targetId": "65f05b57f37f4ffbd87dc20c",
            "severity": "CRITICAL",
            "cvssSeverityScore": 9.8,
            "isFixable": true,
            "fixedVersion": "1.1.1n-r0",
            "remediateByDate": "2024-04-16T17:14:26.718Z",
            "externalURL": "https://qualysguard.qg4.apps.qualys.com/cs/#/...",
            "deactivateMetadata": null
          }
        ],
        "pageInfo": { "hasNextPage": true, "endCursor": "..." }
      }
    }
    ```

    Use `targetId` to join back to the affected asset, `externalURL` to deep-link to your scanner, and `remediateByDate` to drive your countdown.

    <AccordionGroup>
      <Accordion title="Got a 401?">
        Token is expired (one-hour lifetime), missing, or lacks `vanta-api.all:read`. Mint a fresh one — see [Authentication → Token expiration](/docs/concepts/authentication#token-expiration).
      </Accordion>

      <Accordion title="Got a 400 on the date params?">
        `slaDeadlineAfterDate` and `slaDeadlineBeforeDate` must be ISO 8601 timestamps with timezone (e.g. `2024-04-16T17:14:26.718Z`). Plain dates without time-of-day will be rejected.
      </Accordion>

      <Accordion title="Need to paginate?">
        Read `results.pageInfo.endCursor` and `hasNextPage`. Re-call with `pageCursor=<endCursor>` until `hasNextPage` is `false`. Don't try to fetch all vulnerabilities in one call — `pageSize` caps at 100.
      </Accordion>

      <Accordion title="Result includes a `deactivateMetadata` object?">
        That vulnerability has been deactivated (suppressed). It still appears in the list but won't impact tests. Filter client-side on `deactivateMetadata == null` if you only want active items.
      </Accordion>
    </AccordionGroup>
  </Step>
</Steps>

<Info>
  **Suppressing a known false positive?** Use [`POST /v1/vulnerabilities/deactivate`](/api-reference/vulnerabilities/deactivate-vulnerability-monitoring-for-a-vulnerability) with a reason. Reactivate later with the matching `/reactivate` endpoint.
</Info>

## Congratulations

You've pulled the canonical list of vulnerabilities approaching their SLA deadline. Wire this into a Slack channel, Jira ticket creator, or PagerDuty schedule so your remediation work happens against actual deadlines instead of a static dashboard.

***

## Next steps

<CardGroup cols={2}>
  <Card title="Query failing tests" icon="circle-exclamation" href="/docs/guides/query-test-results-and-filter-for-failing-resources">
    See which tests are failing because of overdue vulnerabilities.
  </Card>

  <Card title="Subscribe to webhooks" icon="bolt" href="/docs/webhooks">
    React in real time when a vulnerability is detected, deactivated, or remediated.
  </Card>

  <Card title="Try it in Postman" icon="paper-plane" href="/docs/postman-setup">
    Import the collection and run the vulnerability query against a sandbox in seconds.
  </Card>

  <Card title="Manage Vanta API reference" icon="book" href="/reference/manage-vanta/overview">
    Browse every Manage Vanta endpoint — vulnerabilities, tests, controls, documents, people.
  </Card>
</CardGroup>
