> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pwnbook.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Vanta

> Pull compliance controls, security tests, evidence requests, and vendor management data from Vanta into Pwnbook.

<img src="https://mintcdn.com/pwnbook/noJyYhCscAD7TYUE/logos/vanta.svg?fit=max&auto=format&n=noJyYhCscAD7TYUE&q=85&s=66c59d5f08677f8df7c1e11f85c685f0" alt="Vanta" style={{ height: "32px", marginBottom: "16px" }} width="512" height="512" data-path="logos/vanta.svg" />

## Overview

Vanta automates security compliance for SOC 2, ISO 27001, HIPAA, and other frameworks. The Pwnbook Vanta integration imports your compliance posture — controls, automated tests, evidence requests, and vendor assessments — so security teams can track compliance alongside operational security work in a single view.

## Prerequisites

* A Vanta account with access to **Settings → API**
* Admin or Owner access in Pwnbook

## Credentials required

| Field             | Description                                   |
| ----------------- | --------------------------------------------- |
| **Client ID**     | OAuth client ID from Vanta Settings → API     |
| **Client Secret** | OAuth client secret from Vanta Settings → API |

Vanta uses OAuth client credentials (machine-to-machine) for API access — there is no personal token.

## Setup

<Steps>
  <Step title="Create a Vanta API client">
    1. In Vanta, go to **Settings → Integrations → API**.
    2. Click **Create API client**.
    3. Give it a name like "Pwnbook" and set the required scopes:
       * `vanta.api.general.tests:read` — automated test results
       * `vanta.api.general.controls:read` — control status
       * `vanta.api.vendor:read` — vendor management data
       * `vanta.api.general.evidence:read` — evidence requests
    4. Copy the **Client ID** and **Client Secret**.
  </Step>

  <Step title="Configure in Pwnbook">
    1. Go to **Organization Settings → Marketplace → Vanta**.
    2. Enter your **Client ID** and **Client Secret**.
    3. Click **Save & Test** — Pwnbook exchanges credentials for a token and verifies access.
  </Step>
</Steps>

## What gets synced

### Controls

Pwnbook imports your Vanta control library including:

| Field                    | Description                                                                        |
| ------------------------ | ---------------------------------------------------------------------------------- |
| **Name and description** | Human-readable control name and what it covers                                     |
| **Status**               | Passing, failing, or needs attention                                               |
| **Framework mapping**    | Which SOC 2 trust criteria, ISO controls, or HIPAA safeguards each control maps to |
| **Assigned owner**       | The Vanta user responsible for the control                                         |

### Automated tests

Each automated security check Vanta runs appears as a test result in Pwnbook:

| Field               | Description                                             |
| ------------------- | ------------------------------------------------------- |
| **Test name**       | The automated check (e.g., "MFA enabled for all users") |
| **Status**          | Passing or failing                                      |
| **Linked control**  | Which compliance control the test validates             |
| **Failure details** | Resources or accounts that caused the test to fail      |

### Evidence requests

Open evidence collection requests from your Vanta audits appear in Pwnbook:

| Field           | Description                                    |
| --------------- | ---------------------------------------------- |
| **Title**       | What evidence is being requested               |
| **Due date**    | When evidence must be submitted                |
| **Status**      | Open, submitted, or approved                   |
| **Assigned to** | Team member responsible for gathering evidence |

### Vendor management

The vendor list from your Vanta workspace is imported with full metadata:

| Field                     | Description                                                                 |
| ------------------------- | --------------------------------------------------------------------------- |
| **Vendor name**           | Vendor or SaaS tool name                                                    |
| **Security owner**        | Vanta workspace user responsible for the vendor from a security perspective |
| **Business owner**        | Vanta workspace user who owns the vendor relationship                       |
| **Vendor PoC**            | External contact at the vendor (name and email)                             |
| **Authentication method** | How your team authenticates to the vendor                                   |
| **Headquarters**          | Vendor country of incorporation                                             |
| **Trust center**          | Link to the vendor's trust/security portal                                  |

Security owners and business owners are Vanta workspace users — they are set via a user picker and correspond to real team members in Vanta.

## Viewing in Pwnbook

Once connected, Vanta data is available from the Workbench and the sidebar:

* The **Vanta** workbench card shows control pass rate, failing test count, and open evidence requests at a glance.
* The full Vanta view shows tabbed sections: **Controls**, **Tests**, **Evidence**, and **Vendors**.
* Filters let you narrow by framework, status, and assigned owner.
* Failing tests and controls link back to the corresponding item in Vanta for remediation.

## Disconnecting

1. Go to **Organization Settings → Marketplace → Vanta**.
2. Click **Disconnect**.
3. Confirm.

Previously synced compliance data remains in Pwnbook until manually deleted.
