Supported resource types

Resources

A resource is a piece of data (formatted as JSON) that describes an asset, such as a computer or user account. Resources power a vast range of product functionality in Vanta, including:

Each resource has a "resource type" that specifies the exact properties Vanta needs to power functionality. Simply send data matching that schema, and Vanta takes care of the rest.

Sending resources reduces the amount of manual effort collecting compliance evidence and enables monitoring the security of external environments that Vanta doesn't inherently integrate into.

Supported Application Resource Types

📘

You don't have to send us every resource type - just the subset that make sense for your product. For example, if your product is a task tracker, you'd likely only send UserAccounts and SecurityTasks.

Resource type

Description / functionality powered in Vanta

Recommended

for

UserAccount (info)

Accounts of users of your tool. Vanta will:

  • Display on Access page
  • Check that accounts have MFA and are deprovisioned when employees leave

All partners

MacOS
UserComputer
(info)

Employee or contractor MacOS computers. Vanta will:

MDMs

Windows
UserComputer
(info)

Same as MacOsUserComputer

MDMs

Secret
(info)

Secrets used to access applications or infrastructure. Vanta will:

  • Check all secrets have owners and are rotated frequently

Secret storage

SecurityTask
(info)

Security-relevant tasks or followups. Vanta will:

  • Check that tasks are finished promptly
  • Task trackers
  • Incident
    management tools

UserSecurity
TrainingStatus
(info)

Evidence of user security trainings. Vanta will:

Security training providers

VulnerableComponent
(info)

The asset that is vulnerable. A VulnerableComponent must be synced before any of the below vulnerabilities are synced. The vulnerability types below reference their affected component using the uniqueId of the component.

Vulnerability Scanners

ApiEndpoint
VulnerabilityConnectors
(info)

Known vulnerabilities detected in API endpoints. Vanta will:

  • Check that vulnerabilities are remediated in an appropriate timeline

Vulnerability Scanners

PackageVulnerability
Connectors (info)

Known vulnerabilities detected in package dependencies. Vanta will:

  • Check that vulnerabilities are remediated in an appropriate timeline

Vulnerability Scanners

StaticAnalysisCode
VulnerabilityConnectors (info)

Known vulnerabilities detected from static code analysis. Vanta will:

  • Check that vulnerabilities are remediated in an appropriate timeline

Vulnerability Scanners

BackgroundCheck
Connector (info)

Employee background check statuses. Vanta will:

  • HR services
  • Background Check services

CustomResource (info)

Custom resources can be used to fit all other use cases where Vanta doesn't already provide a base resource type. They can have fully custom schemas that can then be used in our custom tests feature.

All other use cases that don't fit a Vanta provided resource type

📘

Callout that the Custom Resource type is special

Documents

A document is any type of file based evidence such as a PDF or a CSV, that you can upload to Vanta. Uploading these documents removes the need for a user to login to the Vanta application to upload evidence.

All documents are associated with an "Evidence request", which defines what the document is providing evidence for. Each evidence request has a list of compliance controls that it is mapped to.

For example:

You are responsible for choosing the evidence requests to upload documents for. The best place to view all evidence requests is on the Documents page. You can also view all the controls on the Controls page, and see which evidence requests are listed under each control.

📘

To decide which evidence requests to upload documents for, visit the Documents page. If you're having trouble figuring out which documents to upload, contact us.