Skip to main content
GET
/
vulnerable-assets
List assets associated with vulnerabilities
curl --request GET \
  --url https://api.vanta.com/v1/vulnerable-assets \
  --header 'Authorization: Bearer <token>'
{
  "results": {
    "pageInfo": {
      "hasNextPage": true,
      "hasPreviousPage": false,
      "startCursor": "YXJyYXljb25uZWN0aW9uOjA=",
      "endCursor": "YXJyYXljb25uZWN0aW9uOjE="
    },
    "data": [
      {
        "id": "a2f7e1b9d0c3f4e5a6c7b8d9",
        "name": "CVE-2021-12345",
        "assetType": "SERVER",
        "hasBeenScanned": true,
        "imageScanTag": "apac-production:latest",
        "scanners": [
          {
            "resourceId": "6733c25f852819d3b8d97a86",
            "integrationId": "qualys",
            "imageDigest": "sha256:123456",
            "imagePushedAtDate": "2021-01-01T00:00:00.000Z",
            "imageTags": [
              "candidate-1234567890"
            ],
            "assetTags": [
              {
                "key": "company-name",
                "value": "vanta-llama"
              }
            ],
            "parentAccountOrOrganization": "12345678-abcd-cdef-ab12-abcd1234bbbb",
            "biosUuid": "123456",
            "ipv4s": [
              "12.12.123.123"
            ],
            "ipv6s": null,
            "macAddresses": [
              "1234AB987FED"
            ],
            "hostnames": [
              "purple-llama"
            ],
            "fqdns": [
              "purple-llama"
            ],
            "operatingSystems": [
              "Windows11"
            ],
            "targetId": "12345678-abcd-cdef-ab12-abcd1234bbbc"
          }
        ]
      }
    ]
  }
}

Documentation Index

Fetch the complete documentation index at: https://vanta.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Query Parameters

q
string

Filter vulnerable assets by search query.

pageSize
integer<int32>
default:10

Controls the maximum number of items returned in one response from the API.

Required range: 1 <= x <= 100
pageCursor
string

A marker or pointer, telling the API where to start fetching items for the subsequent page in a paginated dataset. Note that the requested page will not include the item that corresponds to this cursor but will start from the one immediately after this cursor.

integrationId
string

Filter vulnerable assets by specific vulnerability scanner.

assetType
enum<string>

Filter vulnerable assets by asset type. Possible values: CODE_REPOSITORY, CONTAINER_REPOSITORY, CONTAINER_REPOSITORY_IMAGE, MANIFEST_FILE, SERVER, SERVERLESS_FUNCTION, WORKSTATION. VulnerableAssetType describes the types of assets a vulnerability is on.

Available options:
SERVER,
SERVERLESS_FUNCTION,
CONTAINER,
CONTAINER_REPOSITORY,
CONTAINER_REPOSITORY_IMAGE,
CODE_REPOSITORY,
MANIFEST_FILE,
WORKSTATION,
OTHER
assetExternalAccountId
string

Filter vulnerable assets by...

Response

200 - application/json

Ok

results
object
required