Vanta
Read-only tools to review compliance posture powered by Vanta's security platform.
Capabilities
List and filter automated security tests, view test status, and identify failing resources across your infrastructure.
Access security controls, map them to compliance frameworks, and review implementation status.
Retrieve compliance documents, evidence, and their associated controls to streamline audit preparation.
Query vulnerabilities by severity, CVE ID, affected assets, and SLA deadlines to prioritize remediation efforts.
Review risk scenarios, their scoring, treatment status, and mitigation strategies.
Check connected integrations and monitor their health to ensure continuous compliance monitoring.
Admin Setup
This integration requires read-only access to your Vanta account, granted through an OAuth application.
Creating a New Vanta Application
See the official Vanta API Access Setup Guide.
- Log in to Vanta, navigate to the "Settings" page, then "Developer Console", and click "Create".
- Give your application a name & description and then select the Manage Vanta app type.
- You will see that the OAuth client ID and secret were autogenerated.
**Note:** Only share these two values with trusted team members, as they can be used together to authenticate to the Vanta API. You can always generate a new client secret if you want to rotate credentials for security reasons. Dust will only request the vanta-api.all:read scope using these credentials. This will provide Dust with read access to all the "Manage Vanta" endpoints specified here.
Setup in Dust
The tool uses workspace-level credentials, meaning the authentication credentials you provide during setup will be shared by all users in the workspace with access to these tools.
- Go to Spaces > Administration > Tools in your Dust workspace, click Add Tools, and select Vanta.
- Provide the client ID and client secret in the configuration form.
Available Tools
| Name | Description |
|---|---|
| List Tests | List Vanta's automated security and compliance tests with optional filtering by status, category, framework, or integration. |
| List Test Entities | Get the resources monitored by a specific security test. Filter by status using FAILING or DEACTIVATED to identify resources requiring attention. |
| List Controls | List security controls in your Vanta account or retrieve a specific control by ID with framework mapping details. Supports filtering by framework ID. |
| List Control Tests | Enumerate automated tests that validate a specific security control, including status and failing entity information. |
| List Control Documents | List documents mapped to a control to locate supporting evidence quickly. |
| List Documents | List compliance documents in your Vanta account or retrieve a specific document by ID. |
| List Document Resources | Retrieve resources linked to a document (controls, links, uploads) by choosing the desired resource type. |
| List Integrations | List integrations connected to your Vanta account or retrieve details for a specific integration. |
| List Frameworks | List compliance frameworks in your Vanta account with completion status and progress metrics. |
| List Framework Controls | Retrieve the controls associated with a compliance framework, including descriptions and implementation guidance. |
| List People | List people in your Vanta account or retrieve a specific person by ID with role and group membership. |
| List Risks | List risk scenarios in your risk register or retrieve a specific scenario to review status, scoring, and treatment. |
| List Vulnerabilities | List vulnerabilities detected across your infrastructure with CVE details, severity, and impacted assets. |
