Query Test Results

Tests are automated checks Vanta runs against your integration environments, such as AWS and Okta for example. This also includes other checks like ensuring employees are completing onboarding/recurring security tasks.

Let's start with a basic example. Below is a query that will return all test results for our organization. You will see three unique fields returned for each test; The name of the test, the test's unique identifier, and the outcome or result of the test's current state. For those new to GraphQL, GetTestResults is the optional label we are using to name this query. Naming your queries has many benefits; check out some best practices here!

Try it yourself!

query GetTestResults {
  organization {
    currentTestResults {
      name
      testId
      outcome
    }
  }
}

A partial example output is below:

{
  "data": {
    "organization": {
      "currentTestResults": [
        {
          "name": "EC2 instance public ports restricted (AWS)",
          "testId": "aws-ec2instances-ports-restricted",
          "outcome": "FAIL"
        }
      ]
    }
  } 
}

We can also go one step further to see which resources are out of compliance! In the example below, we have added the failingResourceEntities field, requesting the displayName of each failing resource so that we can identify them. You'll also notice we added in the argument first: so that our results are limited to a specific quantity.

Try it yourself!

query GetTestResults {
  organization {
    currentTestResults {
      name
      testId
      outcome
      failingResourceEntities(first: 3) {
        edges {
          node {
            resource {
              displayName
            }
          }
        }
      }
    }
  }
}

We trimmed the example output below to highlight the area containing the specific failing resources. Here we can see the EC2 instances that are failing the test:

{
  "name": "EC2 instance public ports restricted (AWS)",
  "testId": "aws-ec2instances-ports-restricted",
  "outcome": "FAIL",
  "failingResourceEntities": {
    "edges": [
      {
        "node": {
          "resource": {
            "displayName": "react-compute-frontend: i-0ab4bde3c68a01763 (xx.xx.149.14)"
          }
        }
      },
      {
        "node": {
          "resource": {
            "displayName": "i-0d83ad2b4057623c7 (xx.xx.29.244)"
          }
        }
      },
      {
        "node": {
          "resource": {
            "displayName": "i-0684293941e5e0a5c (xx.xx.28.212)"
          }
        }
      }
    ]
  }
}

We can filter our results using the TestResultsFilter type to only see tests with a specific outcome, which can be one of the following values: PASS, FAIL, DISABLED, IN_PROGRESS,INVALID, or NA.

Try it yourself!

query GetFailingTestResults {
  organization {
    currentTestResults(filter: { outcome: FAIL }) {
      name
      testId
      outcome
      failingResourceEntities(first: 3) {
        edges {
          node {
            resource {
              displayName
            }
          }
        }
      }
    }
  }
}
{
  "data": {
    "organization": {
      "currentTestResults": [
        {
          "name": "Compute Instance public ports restricted (GCP)",
          "testId": "gcp-computeinstance-ports-restricted",
          "outcome": "FAIL",
          "failingResourceEntities": {
            "edges": [
              {
                "node": {
                  "resource": {
                    "displayName": "instance-1"
                  }
                }
              },
              {
                "node": {
                  "resource": {
                    "displayName": "ubuntu-bionic-1"
                  }
                }
              },
              {
                "node": {
                  "resource": {
                    "displayName": "vm-backend-service-2"
                  }
                }
              }
            ]
          }
        }
      ]
    }
  }
}

We could also filter for specific testIds (Note that I also added in two additional fields, failMessage and latestFlip):

Try it yourself!

query GetTestResults {
  organization {
    currentTestResults(filter: { testIds: ["gcp-computeinstance-ports-restricted", "slack-account-mfa-enabled"] } ) {
      name
      testId
      outcome
      failMessage
      latestFlip
      failingResourceEntities(first: 3) {
        edges {
          node {
            resource {
              displayName
            }
          }
        }
      }
    }
  }
}

{
  "data": {
    "organization": {
      "currentTestResults": [
        {
          "name": "Compute Instance public ports restricted (GCP)",
          "testId": "gcp-computeinstance-ports-restricted",
          "outcome": "FAIL",
          "failMessage": "Some compute instances are being publicly exposed to the internet via their firewall rules.",
          "latestFlip": "2023-03-28T00:00:20.185Z",
          "failingResourceEntities": {
            "edges": [
              {
                "node": {
                  "resource": {
                    "displayName": "instance-1"
                  }
                }
              },
              {
                "node": {
                  "resource": {
                    "displayName": "ubuntu-bionic-1"
                  }
                }
              },
              {
                "node": {
                  "resource": {
                    "displayName": "vm-backend-service-2"
                  }
                }
              }
            ]
          }
        },
        {
          "name": "MFA on Slack",
          "testId": "slack-account-mfa-enabled",
          "outcome": "FAIL",
          "failMessage": "The following accounts are not protected with MFA",
          "latestFlip": "2023-02-06T19:06:58.729Z",
          "failingResourceEntities": {
            "edges": [
              {
                "node": {
                  "resource": {
                    "displayName": "[email protected]"
                  }
                }
              },
              {
                "node": {
                  "resource": {
                    "displayName": "[email protected]"
                  }
                }
              },
              {
                "node": {
                  "resource": {
                    "displayName": "[email protected]"
                  }
                }
              }
            ]
          }
        }
      ]
    }
  }
}

What’s Next

Try doing the same type of query on this next page but with Documents instead!