Query Test Results
Tests are automated checks Vanta runs against your integration environments, such as AWS and Okta for example. This also includes other checks like ensuring employees are completing onboarding/recurring security tasks.
Let's start with a basic example. Below is a query that will return all test results for our organization. You will see three unique fields returned for each test; The name of the test, the test's unique identifier, and the outcome or result of the test's current state. For those new to GraphQL, GetTestResults
is the optional label we are using to name this query. Naming your queries has many benefits; check out some best practices here!
query GetTestResults {
organization {
currentTestResults {
name
testId
outcome
}
}
}
A partial example output is below:
{
"data": {
"organization": {
"currentTestResults": [
{
"name": "EC2 instance public ports restricted (AWS)",
"testId": "aws-ec2instances-ports-restricted",
"outcome": "FAIL"
}
]
}
}
}
We can also go one step further to see which resources are out of compliance! In the example below, we have added the failingResourceEntities
field, requesting the displayName
of each failing resource so that we can identify them. You'll also notice we added in the argument first:
so that our results are limited to a specific quantity.
query GetTestResults {
organization {
currentTestResults {
name
testId
outcome
failingResourceEntities(first: 3) {
edges {
node {
resource {
displayName
}
}
}
}
}
}
}
We trimmed the example output below to highlight the area containing the specific failing resources. Here we can see the EC2 instances that are failing the test:
{
"name": "EC2 instance public ports restricted (AWS)",
"testId": "aws-ec2instances-ports-restricted",
"outcome": "FAIL",
"failingResourceEntities": {
"edges": [
{
"node": {
"resource": {
"displayName": "react-compute-frontend: i-0ab4bde3c68a01763 (xx.xx.149.14)"
}
}
},
{
"node": {
"resource": {
"displayName": "i-0d83ad2b4057623c7 (xx.xx.29.244)"
}
}
},
{
"node": {
"resource": {
"displayName": "i-0684293941e5e0a5c (xx.xx.28.212)"
}
}
}
]
}
}
We can filter our results using the TestResultsFilter
type to only see tests with a specific outcome
, which can be one of the following values: PASS
, FAIL
, DISABLED
, IN_PROGRESS
,INVALID
, or NA
.
query GetFailingTestResults {
organization {
currentTestResults(filter: { outcome: FAIL }) {
name
testId
outcome
failingResourceEntities(first: 3) {
edges {
node {
resource {
displayName
}
}
}
}
}
}
}
{
"data": {
"organization": {
"currentTestResults": [
{
"name": "Compute Instance public ports restricted (GCP)",
"testId": "gcp-computeinstance-ports-restricted",
"outcome": "FAIL",
"failingResourceEntities": {
"edges": [
{
"node": {
"resource": {
"displayName": "instance-1"
}
}
},
{
"node": {
"resource": {
"displayName": "ubuntu-bionic-1"
}
}
},
{
"node": {
"resource": {
"displayName": "vm-backend-service-2"
}
}
}
]
}
}
]
}
}
}
We could also filter for specific testIds
(Note that I also added in two additional fields, failMessage
and latestFlip
):
query GetTestResults {
organization {
currentTestResults(filter: { testIds: ["gcp-computeinstance-ports-restricted", "slack-account-mfa-enabled"] } ) {
name
testId
outcome
failMessage
latestFlip
failingResourceEntities(first: 3) {
edges {
node {
resource {
displayName
}
}
}
}
}
}
}
{
"data": {
"organization": {
"currentTestResults": [
{
"name": "Compute Instance public ports restricted (GCP)",
"testId": "gcp-computeinstance-ports-restricted",
"outcome": "FAIL",
"failMessage": "Some compute instances are being publicly exposed to the internet via their firewall rules.",
"latestFlip": "2023-03-28T00:00:20.185Z",
"failingResourceEntities": {
"edges": [
{
"node": {
"resource": {
"displayName": "instance-1"
}
}
},
{
"node": {
"resource": {
"displayName": "ubuntu-bionic-1"
}
}
},
{
"node": {
"resource": {
"displayName": "vm-backend-service-2"
}
}
}
]
}
},
{
"name": "MFA on Slack",
"testId": "slack-account-mfa-enabled",
"outcome": "FAIL",
"failMessage": "The following accounts are not protected with MFA",
"latestFlip": "2023-02-06T19:06:58.729Z",
"failingResourceEntities": {
"edges": [
{
"node": {
"resource": {
"displayName": "[email protected]"
}
}
},
{
"node": {
"resource": {
"displayName": "[email protected]"
}
}
},
{
"node": {
"resource": {
"displayName": "[email protected]"
}
}
}
]
}
}
]
}
}
}
Updated 12 months ago
Try doing the same type of query on this next page but with Documents instead!