Scan, Sync, Remediate: Ostorlab Meets Vanta for Faster Audits

This article announces the new integration between Ostorlab and Vanta, explains how it works, outlines the setup process, and highlights the key benefits for security and compliance teams.

Tue 20 May 2025

The new Ostorlab–Vanta integration bridges the gap between vulnerability scanning and compliance tracking. With this integration, Ostorlab can automatically push vulnerability findings into Vanta’s compliance monitoring system—helping teams stay audit-ready with minimal effort.

Once enabled, Ostorlab automatically sends each scan’s results directly to Vanta. This includes everything from CVSS scores and risk ratings to remediation guidance and links back to the relevant Ostorlab report. There’s no need for manual syncing or extra steps—everything happens in the background after each scan.

Setting Up the Integration

The integration is straightforward to configure, and once established, it runs automatically with no further action required.

Here’s how to set it up:

  1. In Vanta: Open the Integrations page, filter by "Vulnerability Scanner", and search for "Ostorlab". Click Connect to Ostorlab. Alternatively, go directly to the Vanta integration page in the Ostorlab platform.

  2. Authorize Ostorlab to access Vanta: In the Ostorlab dashboard (you’ll be redirected there after clicking Connect), switch to the Configuration tab for the Vanta integration. Click Authorize Vanta and review the permissions when the Vanta authorization page appears. Confirm to grant Ostorlab access.

  3. Verify active status: After granting permissions, you’ll return to Ostorlab. The integration status should now show as Active, indicating that Ostorlab and Vanta are linked and ready to sync.

Vulnerability Findings in Vanta

Once configured, the integration requires no further setup: Ostorlab will push vulnerabilities into Vanta after each scan.

Each vulnerability finding includes the following details:

  • Title: The name of the vulnerability.
  • Description: A brief overview of the vulnerability.
  • CVSS V3 Score: The Common Vulnerability Scoring System score, indicating the severity of the vulnerability.
  • Severity (risk rating): The risk rating assigned to the vulnerability.
  • Remediation: Guidance on how to fix the vulnerability.
  • First Seen: The date when the vulnerability was first detected.
  • Last Seen: The date when the vulnerability was last detected.
  • Package name: The name of the affected package if the vulnerability is related to a specific software component.
  • Link to Ostorlab report: A link to the full Ostorlab report for the ticket related to the vulnerability, providing additional details and context.

The impacted assets are also listed, so you can see which assets are affected by each vulnerability. Clicking an asset title takes you to the asset page if one is available, or otherwise to the scan page for that asset.

Vulnerability Syncing

The integration allows for automatic syncing of vulnerability findings from Ostorlab to Vanta. This means that as soon as a scan is completed, the results are sent to Vanta without any manual intervention.

A vulnerability finding is considered fixed when:

  • The vulnerability is no longer present in the latest scan, meaning it won't be sent to Vanta.

  • The vulnerability is marked as a False Positive, Exception or Fixed in the Ostorlab platform.

Key Benefits of the Integration

  • Seamless Integration Setup: The integration is straightforward to configure and, once established, requires no additional maintenance, allowing teams to focus on security and compliance tasks.
  • Automatic Vulnerability Sync: Post-scan, Ostorlab findings are automatically populated in Vanta’s dashboard, eliminating manual data transfers.
  • Rich context in Vanta: Each synchronized issue in Vanta includes full details – the vulnerability description, CVSS score and vector, risk rating, remediation instructions, and a link back to Ostorlab for more info. Compliance teams get all the context they need without leaving the Vanta interface.
  • Real-Time SLA Tracking: Vanta monitors remediation timelines, ensuring vulnerabilities are addressed within defined Service Level Agreements, and can reopen issues if fixes become outdated.

These benefits mean you catch risks earlier and get ready for audits faster.
