Skip to main content
GET
/
vulnerable-assets
/
{vulnerableAssetId}
Get vulnerable asset by ID
curl --request GET \
  --url https://api.vanta.com/v1/vulnerable-assets/{vulnerableAssetId} \
  --header 'Authorization: Bearer <token>'
{
  "id": "a2f7e1b9d0c3f4e5a6c7b8d9",
  "name": "CVE-2021-12345",
  "assetType": "SERVER",
  "hasBeenScanned": true,
  "imageScanTag": "apac-production:latest",
  "scanners": [
    {
      "resourceId": "6733c25f852819d3b8d97a86",
      "integrationId": "qualys",
      "imageDigest": "sha256:123456",
      "imagePushedAtDate": "2021-01-01T00:00:00.000Z",
      "imageTags": [
        "candidate-1234567890"
      ],
      "assetTags": [
        {
          "key": "company-name",
          "value": "vanta-llama"
        }
      ],
      "parentAccountOrOrganization": "12345678-abcd-cdef-ab12-abcd1234bbbb",
      "biosUuid": "123456",
      "ipv4s": [
        "12.12.123.123"
      ],
      "ipv6s": null,
      "macAddresses": [
        "1234AB987FED"
      ],
      "hostnames": [
        "purple-llama"
      ],
      "fqdns": [
        "purple-llama"
      ],
      "operatingSystems": [
        "Windows11"
      ],
      "targetId": "12345678-abcd-cdef-ab12-abcd1234bbbc"
    }
  ]
}

Documentation Index

Fetch the complete documentation index at: https://vanta.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

vulnerableAssetId
string
required

Response

200 - application/json

Ok

id
string
required

Unique identifier for the vulnerable asset.

name
string
required

Display name of the vulnerable asset.

assetType
enum<string>
required

Type of the vulnerable asset. Possible values: CODE_REPOSITORY, CONTAINER_REPOSITORY, CONTAINER_REPOSITORY_IMAGE, MANIFEST_FILE, SERVER, SERVERLESS_FUNCTION, WORKSTATION.

Available options:
SERVER,
SERVERLESS_FUNCTION,
CONTAINER,
CONTAINER_REPOSITORY,
CONTAINER_REPOSITORY_IMAGE,
CODE_REPOSITORY,
MANIFEST_FILE,
WORKSTATION,
OTHER
hasBeenScanned
boolean
required

Whether the vulnerable asset has been scanned.

imageScanTag
string | null
required

Only relevant for container repositories. This field sets the container image tag that vulnerabilities will be retrieved for. If null, the latest image will be retrieved.

scanners
object[]
required

The integrations that are scanning this vulnerable asset.