Vanta · Schema

Vanta Vulnerability

A security vulnerability tracked in the Vanta compliance platform

CybersecurityComplianceSecurityGovernanceRisk Management

Properties

Name Type Description
id string Unique vulnerability identifier assigned by Vanta
title string Human-readable vulnerability title
description string Detailed description of the vulnerability
severity string Vulnerability severity level based on CVSS or custom scoring
status string Current remediation status
cvssScore number CVSS base score (0.0 to 10.0)
cveId stringnull CVE identifier if this is a known CVE
remediationSlaDate stringnull SLA deadline by which the vulnerability must be remediated
discoveredAt string Timestamp when the vulnerability was first discovered
remediatedAt stringnull Timestamp when the vulnerability was remediated
affectedResources array List of Vanta resource IDs affected by this vulnerability
View JSON Schema on GitHub

JSON Schema

vanta-vulnerability-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/vanta/main/json-schema/vanta-vulnerability-schema.json",
  "title": "Vanta Vulnerability",
  "description": "A security vulnerability tracked in the Vanta compliance platform",
  "type": "object",
  "required": ["id", "title", "severity", "status"],
  "properties": {
    "id": {
      "type": "string",
      "description": "Unique vulnerability identifier assigned by Vanta"
    },
    "title": {
      "type": "string",
      "description": "Human-readable vulnerability title"
    },
    "description": {
      "type": "string",
      "description": "Detailed description of the vulnerability"
    },
    "severity": {
      "type": "string",
      "enum": ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"],
      "description": "Vulnerability severity level based on CVSS or custom scoring"
    },
    "status": {
      "type": "string",
      "enum": ["OPEN", "REMEDIATED", "ACCEPTED"],
      "description": "Current remediation status"
    },
    "cvssScore": {
      "type": "number",
      "minimum": 0,
      "maximum": 10,
      "description": "CVSS base score (0.0 to 10.0)"
    },
    "cveId": {
      "type": ["string", "null"],
      "pattern": "^CVE-\\d{4}-\\d{4,}$",
      "description": "CVE identifier if this is a known CVE"
    },
    "remediationSlaDate": {
      "type": ["string", "null"],
      "format": "date-time",
      "description": "SLA deadline by which the vulnerability must be remediated"
    },
    "discoveredAt": {
      "type": "string",
      "format": "date-time",
      "description": "Timestamp when the vulnerability was first discovered"
    },
    "remediatedAt": {
      "type": ["string", "null"],
      "format": "date-time",
      "description": "Timestamp when the vulnerability was remediated"
    },
    "affectedResources": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "List of Vanta resource IDs affected by this vulnerability"
    }
  },
  "additionalProperties": false
}