Vanta Integration
Send your Pentest-Tools.com reports to Vanta within few clicks.
Getting started with the Vanta integration for the first time is simple.
Head over to the Integrations section and click the "Link Vanta account" button.
If you're already logged into Vanta, the 'Authorize app' prompt will appear. Otherwise, you'll be asked to log in using your preferred method. After that, click Allow.
The following messages will appear on the right side of your screen once the integration is successfully added.
To remove the integration, delete it from both your Vanta account and our platform’s integrations section.
Here’s how to send your scan reports to Vanta automatically.
Option 1: Syncing scan results of scheduled scans:
These are sent as Documents for the Vulnerability Scan category to Vanta. You can find them in Vanta by going to Compliance → Documents → Vulnerability scan.
According to Vanta's documentation, you are limited to five scan results per recurrence period. Vanta also recommends using this method only for assets not in synced workspaces.
These documents are mapped to only two controls, which reduces their overall utility.
To use this feature, we just need to enable the sync for the scheduled scans we want. Here you will find all scheduled scans from all workspaces you own or that have been shared with you with Edit credentials. So I’ll just enable two scheduled scans and hit "Save." The syncing happens immediately after the scan is finished.
To set up this functionality, proceed with the steps below:
-
Set up a scheduled scan
-
Select how often you want it to run, and make sure to check the “Send to Vanta” option
Once scheduled, you’ll notice a special Vanta badge appear next to each scan that’s linked to Vanta - a nice little visual cue that everything’s set
After the scan is complete, you can view the report in Vanta by going to Compliance > Documents > Vulnerability Scan.
If the reports aren’t appearing in Vanta, make sure to verify that the integration was configured properly. In the Scheduled Scans section, check that the Vanta icon is displayed next to your scan. If there’s an issue (such as the scan failing to reach the target) a red warning icon will appear.
Sync rules & frequency
Each scheduled scan result is automatically sent to Vanta as a PDF (max. 5 per recurrence period) and mapped to Compliance → Documents → Vulnerability Scan.
Important:
- Use scheduled scans only for assets not in synced workspaces. Vanta doesn’t allow both scheduled scans and vuln sync enabled for the same asset.
- Make sure to fit the recurrence period limit in both Pentest-Tools.com and Vanta when setting up the frequency!
Option 2: Syncing vulnerabilities of desired workspaces:
This is the newest update that makes the integration extremely useful. In addition to the two controls you saw earlier, vulnerabilities are automatically mapped to 32 tests. They are synced automatically every day at 5 AM UTC.
The latest batch of vulnerabilities we send is considered the single source of truth, so how you manage findings in Pentest-Tools.com is extremely important.
What findings get synced with Vanta:
- Findings with an Open status.
- Findings with a risk level of at least Low. Informational findings are intentionally excluded from the sync to reduce noise.
If you configured the integration for the first time after October 1st, 2025, following the steps in the beginning this article, there is no need to re-configure your integration. This latest update will already be available in your integration.
However, in case you were already using the Vanta integration to sync the scan results of scheduled scans prior to October 1st, 2025, in order to get the new "syncing vulnerabilities of desired workspaces" functionality up and running, you'll need to update your existing integration.
Don't worry - it’s a quick and simple process:
- In order to ensure a clean connection for the new setup:
- Go to the Integrations page in your Pentest-Tools.com account;
- Look for your Vanta integration and delete the existing connection;
- Head over to your Vanta account;
- Log in and remove the Pentest-Tools.com integration from there as well. This ensures a clean connection for the new setup;
- Return to the Integrations page in your Pentest-Tools.com account;
- Find the Vanta card again, and click "Link Vanta account";
- Finally, click on "Configure Vanta" and select at least one of your workspaces to begin the daily, automatic synchronization;
In Vanta, you’ll find the synced vulnerabilities under Assets → Vulnerabilities:
- by Asset
- by Vulnerability.
Sync rules & frequency
Findings from selected workspaces will be synced automatically every day at 05:00 UTC.
Please note that:
- This includes manual findings created in your selected workspaces.
- Findings marked as Informational or with a status other than Open won't be synced!