Skip to main content
Vanta

Overview

Vanta automates security compliance for SOC 2, ISO 27001, HIPAA, and other frameworks. The Pwnbook Vanta integration imports your compliance posture — controls, automated tests, evidence requests, and vendor assessments — so security teams can track compliance alongside operational security work in a single view.

Prerequisites

  • A Vanta account with access to Settings → API
  • Admin or Owner access in Pwnbook

Credentials required

FieldDescription
Client IDOAuth client ID from Vanta Settings → API
Client SecretOAuth client secret from Vanta Settings → API
Vanta uses OAuth client credentials (machine-to-machine) for API access — there is no personal token.

Setup

1

Create a Vanta API client

  1. In Vanta, go to Settings → Integrations → API.
  2. Click Create API client.
  3. Give it a name like “Pwnbook” and set the required scopes:
    • vanta.api.general.tests:read — automated test results
    • vanta.api.general.controls:read — control status
    • vanta.api.vendor:read — vendor management data
    • vanta.api.general.evidence:read — evidence requests
  4. Copy the Client ID and Client Secret.
2

Configure in Pwnbook

  1. Go to Organization Settings → Marketplace → Vanta.
  2. Enter your Client ID and Client Secret.
  3. Click Save & Test — Pwnbook exchanges credentials for a token and verifies access.

What gets synced

Controls

Pwnbook imports your Vanta control library including:
FieldDescription
Name and descriptionHuman-readable control name and what it covers
StatusPassing, failing, or needs attention
Framework mappingWhich SOC 2 trust criteria, ISO controls, or HIPAA safeguards each control maps to
Assigned ownerThe Vanta user responsible for the control

Automated tests

Each automated security check Vanta runs appears as a test result in Pwnbook:
FieldDescription
Test nameThe automated check (e.g., “MFA enabled for all users”)
StatusPassing or failing
Linked controlWhich compliance control the test validates
Failure detailsResources or accounts that caused the test to fail

Evidence requests

Open evidence collection requests from your Vanta audits appear in Pwnbook:
FieldDescription
TitleWhat evidence is being requested
Due dateWhen evidence must be submitted
StatusOpen, submitted, or approved
Assigned toTeam member responsible for gathering evidence

Vendor management

The vendor list from your Vanta workspace is imported with full metadata:
FieldDescription
Vendor nameVendor or SaaS tool name
Security ownerVanta workspace user responsible for the vendor from a security perspective
Business ownerVanta workspace user who owns the vendor relationship
Vendor PoCExternal contact at the vendor (name and email)
Authentication methodHow your team authenticates to the vendor
HeadquartersVendor country of incorporation
Trust centerLink to the vendor’s trust/security portal
Security owners and business owners are Vanta workspace users — they are set via a user picker and correspond to real team members in Vanta.

Viewing in Pwnbook

Once connected, Vanta data is available from the Workbench and the sidebar:
  • The Vanta workbench card shows control pass rate, failing test count, and open evidence requests at a glance.
  • The full Vanta view shows tabbed sections: Controls, Tests, Evidence, and Vendors.
  • Filters let you narrow by framework, status, and assigned owner.
  • Failing tests and controls link back to the corresponding item in Vanta for remediation.

Disconnecting

  1. Go to Organization Settings → Marketplace → Vanta.
  2. Click Disconnect.
  3. Confirm.
Previously synced compliance data remains in Pwnbook until manually deleted.