@rawdash/connector-vanta 0.26.0
- package/README.md +134 -0
- package/dist/index.d.ts +483 -0
- package/dist/index.js +605 -0
- package/dist/index.js.map +1 -0
- package/package.json +43 -0
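--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,134 @@
+<!-- This file is generated from connector metadata by scripts/generate-connector-docs.ts. Do not edit by hand. -->
+
+# @rawdash/connector-vanta
+
+[](https://www.npmjs.com/package/@rawdash/connector-vanta)
+[](https://github.com/rawdash/rawdash/blob/main/LICENSE)
+
+Sync controls, tests, and test findings from a Vanta workspace for audit-ready %, failing-test count, and open-finding compliance dashboards.
+
+## Install
+
+```sh
+npm install @rawdash/connector-vanta
+```
+
+## Authentication
+
+OAuth 2.0 client-credentials flow against a Vanta Public API application. Read-only scopes are sufficient.
+
+1. Sign in to Vanta as an admin and open Settings -> Connect -> Public API.
+2. Create a new application; grant it read access to the resources you intend to sync (controls, tests, findings).
+3. Copy the generated Client ID and Client Secret. Vanta only shows the secret once.
+4. Store the client secret as a rawdash secret and reference it from the connector config as `clientSecret: secret("VANTA_CLIENT_SECRET")`.
+
+## Configuration
+
+| Field | Type | Required | Description |
+| ---------------------- | ------ | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `clientId` | string | Yes | Client ID of the Vanta OAuth application authorized for the Public API. Created under Settings -> Connect -> Public API in Vanta. |
+| `clientSecret` | secret | Yes | Client secret of the Vanta OAuth application. Stored as a secret. |
+| `scope` | string | No | Space-delimited OAuth scopes requested when minting a token. Defaults to "vanta-api.all:read", which covers every read endpoint this connector calls. |
+| `resources` | array | No | Which Vanta resources to sync. Omit to sync all of them. The OAuth client only needs the read scope for the resources listed here. |
+| `findingsLookbackDays` | number | No | How many days of test findings to refresh on each full sync. Defaults to 90. Incremental syncs use the run watermark and ignore this field. |
+
+## Resources
+
+- **`vanta_control`** _(entity)_ - Vanta controls keyed by id. Each control belongs to one or more frameworks (SOC 2, HIPAA, ISO 27001, etc.) and has a roll-up status of PASSING, FAILING, or NEEDS_ATTENTION.
+- Endpoint: `GET /v1/controls`
+- Cursor pagination via pageCursor / pageSize. Controls are a full-snapshot resource: a full sync rewrites the scope on first page.
+- `name`: Human-readable control name.
+- `status`: Roll-up status (PASSING, FAILING, or NEEDS_ATTENTION).
+- `framework`: Name of the first framework the control is mapped to (e.g. "SOC 2"). Use the framework dimension for distributions when a control maps to several frameworks.
+- `frameworks`: Comma-separated list of every framework the control is mapped to.
+- `lastEvaluated`: When Vanta last evaluated the control (Unix ms).
+- **`vanta_test`** _(entity)_ - Vanta tests keyed by id. A test is the smallest unit of evaluation in Vanta and may be mapped to multiple controls.
+- Endpoint: `GET /v1/tests`
+- Cursor pagination via pageCursor / pageSize. Tests are a full-snapshot resource.
+- `name`: Human-readable test name.
+- `status`: Test status (OK, NEEDS_ATTENTION, DEACTIVATED, or IN_PROGRESS).
+- `controlId`: First control id the test is mapped to (a test may be mapped to several controls).
+- `controlCount`: Number of controls the test is mapped to.
+- `evidenceCount`: Number of distinct evidence rows backing the test (counter maintained by Vanta).
+- `lastTested`: When Vanta last ran the test (Unix ms).
+- **`vanta_test_finding`** _(event)_ - Test findings (one event per finding row), with severity, the test it came from, and resolved-at when applicable. Useful for open-finding counts and MTTR-to-resolution timeseries.
+- Endpoint: `GET /v1/test-findings`
+- Cursor pagination via pageCursor / pageSize. Full syncs walk back findingsLookbackDays days; incremental syncs use the sync `since` watermark.
+- `findingId`: Vanta finding id.
+- `severity`: Finding severity (LOW, MEDIUM, HIGH, CRITICAL).
+- `status`: Finding status (OPEN, RESOLVED, DEFERRED, WONT_FIX).
+- `testId`: Id of the test that produced the finding.
+- `controlId`: First control id the finding is mapped to (via its test).
+- `resolvedAt`: Resolution timestamp (Unix ms) when resolved.
+
+## Example
+
+```ts
+import {
+defineConfig,
+defineDashboard,
+defineMetric,
+secret,
+} from '@rawdash/core';
+
+const vanta = {
+name: 'vanta',
+connectorId: 'vanta',
+config: {
+clientId: 'vci_AbCdEf...',
+clientSecret: secret('VANTA_CLIENT_SECRET'),
+},
+};
+
+export default defineConfig({
+connectors: [vanta],
+dashboards: {
+compliance: defineDashboard({
+widgets: {
+failing_controls: {
+kind: 'stat',
+title: 'Failing controls',
+metric: defineMetric({
+connector: vanta,
+shape: 'entity',
+entityType: 'vanta_control',
+fn: 'count',
+filter: [{ field: 'status', op: 'eq', value: 'FAILING' }],
+}),
+},
+open_findings: {
+kind: 'stat',
+title: 'Open findings',
+metric: defineMetric({
+connector: vanta,
+shape: 'event',
+name: 'vanta_test_finding',
+fn: 'count',
+filter: [{ field: 'status', op: 'eq', value: 'OPEN' }],
+}),
+},
+},
+}),
+},
+});
+```
+
+## Rate limits
+
+Vanta enforces a per-application quota (50 requests per minute on the default tier) and responds with 429 + Retry-After when exceeded; the shared HTTP client honors Retry-After when scheduling the next request.
+
+## Limitations
+
+- Only controls, tests, and test findings are synced. Frameworks, risks, vendors, audits, people, and document-evidence resources are out of scope.
+- Controls and tests are full-snapshot resources: every sync re-reads the whole list and rewrites the entity scope on the first page. Tenants with very large catalogs (10k+ controls/tests) should run the connector less often.
+- Test findings before the configured lookback window (default 90 days) are not refreshed; they remain whatever the most recent sync that did see them wrote.
+
+## Links
+
+- [Rawdash docs](https://rawdash.dev/docs/connectors)
+- [Vanta API docs](https://developer.vanta.com/)
+- [GitHub](https://github.com/rawdash/rawdash)
+
+## License
+
+Apache-2.0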
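--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -0,0 +1,483 @@
+import { BaseConnector, ConnectorContext, SyncOptions, StorageHandle, SyncResult, ConnectorDoc } from '@rawdash/core';
+import { z } from 'zod';
+
+declare const configFields: z.ZodObject<{
+clientId: z.ZodString;
+clientSecret: z.ZodObject<{
+$secret: z.ZodString;
+}, z.core.$strip>;
+scope: z.ZodOptional<z.ZodString>;
+resources: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+controls: "controls";
+tests: "tests";
+findings: "findings";
+}>>>;
+findingsLookbackDays: z.ZodOptional<z.ZodNumber>;
+}, z.core.$strip>;
+declare const doc: ConnectorDoc;
+type VantaResource = 'controls' | 'tests' | 'findings';
+interface VantaSettings {
+resources?: readonly VantaResource[];
+scope?: string;
+findingsLookbackDays?: number;
+}
+declare const vantaCredentials: {
+clientId: {
+description: string;
+auth: "required";
+};
+clientSecret: {
+description: string;
+auth: "required";
+};
+};
+type VantaCredentials = typeof vantaCredentials;
+declare const vantaResources: {
+readonly vanta_control: {
+readonly shape: "entity";
+readonly filterable: [{
+readonly field: "status";
+readonly ops: ["eq"];
+readonly values: ["PASSING", "FAILING", "NEEDS_ATTENTION"];
+}, {
+readonly field: "framework";
+readonly ops: ["eq"];
+}];
+readonly description: "Vanta controls keyed by id. Each control belongs to one or more frameworks (SOC 2, HIPAA, ISO 27001, etc.) and has a roll-up status of PASSING, FAILING, or NEEDS_ATTENTION.";
+readonly endpoint: "GET /v1/controls";
+readonly notes: "Cursor pagination via pageCursor / pageSize. Controls are a full-snapshot resource: a full sync rewrites the scope on first page.";
+readonly fields: [{
+readonly name: "name";
+readonly description: "Human-readable control name.";
+}, {
+readonly name: "status";
+readonly description: "Roll-up status (PASSING, FAILING, or NEEDS_ATTENTION).";
+}, {
+readonly name: "framework";
+readonly description: "Name of the first framework the control is mapped to (e.g. \"SOC 2\"). Use the framework dimension for distributions when a control maps to several frameworks.";
+}, {
+readonly name: "frameworks";
+readonly description: "Comma-separated list of every framework the control is mapped to.";
+}, {
+readonly name: "lastEvaluated";
+readonly description: "When Vanta last evaluated the control (Unix ms).";
+}];
+readonly responses: {
+readonly oauth_token: z.ZodObject<{
+access_token: z.ZodString;
+token_type: z.ZodOptional<z.ZodString>;
+expires_in: z.ZodOptional<z.ZodNumber>;
+scope: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+readonly controls: z.ZodObject<{
+results: z.ZodObject<{
+data: z.ZodArray<z.ZodObject<{
+id: z.ZodString;
+name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+status: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+frameworks: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodObject<{
+name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+matchingId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>>>>;
+lastEvaluatedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+updatedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+createdAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>>;
+pageInfo: z.ZodOptional<z.ZodNullable<z.ZodObject<{
+endCursor: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+hasNextPage: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
+}, z.core.$strip>>>;
+}, z.core.$strip>;
+}, z.core.$strip>;
+};
+};
+readonly vanta_test: {
+readonly shape: "entity";
+readonly filterable: [{
+readonly field: "status";
+readonly ops: ["eq"];
+readonly values: ["OK", "NEEDS_ATTENTION", "DEACTIVATED", "IN_PROGRESS"];
+}];
+readonly description: "Vanta tests keyed by id. A test is the smallest unit of evaluation in Vanta and may be mapped to multiple controls.";
+readonly endpoint: "GET /v1/tests";
+readonly notes: "Cursor pagination via pageCursor / pageSize. Tests are a full-snapshot resource.";
+readonly fields: [{
+readonly name: "name";
+readonly description: "Human-readable test name.";
+}, {
+readonly name: "status";
+readonly description: "Test status (OK, NEEDS_ATTENTION, DEACTIVATED, or IN_PROGRESS).";
+}, {
+readonly name: "controlId";
+readonly description: "First control id the test is mapped to (a test may be mapped to several controls).";
+}, {
+readonly name: "controlCount";
+readonly description: "Number of controls the test is mapped to.";
+}, {
+readonly name: "evidenceCount";
+readonly description: "Number of distinct evidence rows backing the test (counter maintained by Vanta).";
+}, {
+readonly name: "lastTested";
+readonly description: "When Vanta last ran the test (Unix ms).";
+}];
+readonly responses: {
+readonly tests: z.ZodObject<{
+results: z.ZodObject<{
+data: z.ZodArray<z.ZodObject<{
+id: z.ZodString;
+name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+status: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+controlIds: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
+controls: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodObject<{
+id: z.ZodString;
+}, z.core.$strip>>>>;
+evidenceCount: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
+lastTestedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+updatedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+createdAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>>;
+pageInfo: z.ZodOptional<z.ZodNullable<z.ZodObject<{
+endCursor: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+hasNextPage: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
+}, z.core.$strip>>>;
+}, z.core.$strip>;
+}, z.core.$strip>;
+};
+};
+readonly vanta_test_finding: {
+readonly shape: "event";
+readonly filterable: [{
+readonly field: "severity";
+readonly ops: ["eq"];
+readonly values: ["LOW", "MEDIUM", "HIGH", "CRITICAL"];
+}, {
+readonly field: "status";
+readonly ops: ["eq"];
+readonly values: ["OPEN", "RESOLVED", "DEFERRED", "WONT_FIX"];
+}];
+readonly description: "Test findings (one event per finding row), with severity, the test it came from, and resolved-at when applicable. Useful for open-finding counts and MTTR-to-resolution timeseries.";
+readonly endpoint: "GET /v1/test-findings";
+readonly notes: "Cursor pagination via pageCursor / pageSize. Full syncs walk back findingsLookbackDays days; incremental syncs use the sync `since` watermark.";
+readonly fields: [{
+readonly name: "findingId";
+readonly description: "Vanta finding id.";
+}, {
+readonly name: "severity";
+readonly description: "Finding severity (LOW, MEDIUM, HIGH, CRITICAL).";
+}, {
+readonly name: "status";
+readonly description: "Finding status (OPEN, RESOLVED, DEFERRED, WONT_FIX).";
+}, {
+readonly name: "testId";
+readonly description: "Id of the test that produced the finding.";
+}, {
+readonly name: "controlId";
+readonly description: "First control id the finding is mapped to (via its test).";
+}, {
+readonly name: "resolvedAt";
+readonly description: "Resolution timestamp (Unix ms) when resolved.";
+}];
+readonly responses: {
+readonly findings: z.ZodObject<{
+results: z.ZodObject<{
+data: z.ZodArray<z.ZodObject<{
+id: z.ZodString;
+testId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+controlId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+severity: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+status: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+createdAt: z.ZodString;
+resolvedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+resourceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>>;
+pageInfo: z.ZodOptional<z.ZodNullable<z.ZodObject<{
+endCursor: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+hasNextPage: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
+}, z.core.$strip>>>;
+}, z.core.$strip>;
+}, z.core.$strip>;
+};
+};
+};
+declare const id = "vanta";
+declare class VantaConnector extends BaseConnector<VantaSettings, VantaCredentials> {
+static readonly id = "vanta";
+static readonly resources: {
+readonly vanta_control: {
+readonly shape: "entity";
+readonly filterable: [{
+readonly field: "status";
+readonly ops: ["eq"];
+readonly values: ["PASSING", "FAILING", "NEEDS_ATTENTION"];
+}, {
+readonly field: "framework";
+readonly ops: ["eq"];
+}];
+readonly description: "Vanta controls keyed by id. Each control belongs to one or more frameworks (SOC 2, HIPAA, ISO 27001, etc.) and has a roll-up status of PASSING, FAILING, or NEEDS_ATTENTION.";
+readonly endpoint: "GET /v1/controls";
+readonly notes: "Cursor pagination via pageCursor / pageSize. Controls are a full-snapshot resource: a full sync rewrites the scope on first page.";
+readonly fields: [{
+readonly name: "name";
+readonly description: "Human-readable control name.";
+}, {
+readonly name: "status";
+readonly description: "Roll-up status (PASSING, FAILING, or NEEDS_ATTENTION).";
+}, {
+readonly name: "framework";
+readonly description: "Name of the first framework the control is mapped to (e.g. \"SOC 2\"). Use the framework dimension for distributions when a control maps to several frameworks.";
+}, {
+readonly name: "frameworks";
+readonly description: "Comma-separated list of every framework the control is mapped to.";
+}, {
+readonly name: "lastEvaluated";
+readonly description: "When Vanta last evaluated the control (Unix ms).";
+}];
+readonly responses: {
+readonly oauth_token: z.ZodObject<{
+access_token: z.ZodString;
+token_type: z.ZodOptional<z.ZodString>;
+expires_in: z.ZodOptional<z.ZodNumber>;
+scope: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+readonly controls: z.ZodObject<{
+results: z.ZodObject<{
+data: z.ZodArray<z.ZodObject<{
+id: z.ZodString;
+name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+status: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+frameworks: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodObject<{
+name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+matchingId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>>>>;
+lastEvaluatedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+updatedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+createdAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>>;
+pageInfo: z.ZodOptional<z.ZodNullable<z.ZodObject<{
+endCursor: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+hasNextPage: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
+}, z.core.$strip>>>;
+}, z.core.$strip>;
+}, z.core.$strip>;
+};
+};
+readonly vanta_test: {
+readonly shape: "entity";
+readonly filterable: [{
+readonly field: "status";
+readonly ops: ["eq"];
+readonly values: ["OK", "NEEDS_ATTENTION", "DEACTIVATED", "IN_PROGRESS"];
+}];
+readonly description: "Vanta tests keyed by id. A test is the smallest unit of evaluation in Vanta and may be mapped to multiple controls.";
+readonly endpoint: "GET /v1/tests";
+readonly notes: "Cursor pagination via pageCursor / pageSize. Tests are a full-snapshot resource.";
+readonly fields: [{
+readonly name: "name";
+readonly description: "Human-readable test name.";
+}, {
+readonly name: "status";
+readonly description: "Test status (OK, NEEDS_ATTENTION, DEACTIVATED, or IN_PROGRESS).";
+}, {
+readonly name: "controlId";
+readonly description: "First control id the test is mapped to (a test may be mapped to several controls).";
+}, {
+readonly name: "controlCount";
+readonly description: "Number of controls the test is mapped to.";
+}, {
+readonly name: "evidenceCount";
+readonly description: "Number of distinct evidence rows backing the test (counter maintained by Vanta).";
+}, {
+readonly name: "lastTested";
+readonly description: "When Vanta last ran the test (Unix ms).";
+}];
+readonly responses: {
+readonly tests: z.ZodObject<{
+results: z.ZodObject<{
+data: z.ZodArray<z.ZodObject<{
+id: z.ZodString;
+name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+status: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+controlIds: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
+controls: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodObject<{
+id: z.ZodString;
+}, z.core.$strip>>>>;
+evidenceCount: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
+lastTestedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+updatedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+createdAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>>;
+pageInfo: z.ZodOptional<z.ZodNullable<z.ZodObject<{
+endCursor: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+hasNextPage: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
+}, z.core.$strip>>>;
+}, z.core.$strip>;
+}, z.core.$strip>;
+};
+};
+readonly vanta_test_finding: {
+readonly shape: "event";
+readonly filterable: [{
+readonly field: "severity";
+readonly ops: ["eq"];
+readonly values: ["LOW", "MEDIUM", "HIGH", "CRITICAL"];
+}, {
+readonly field: "status";
+readonly ops: ["eq"];
+readonly values: ["OPEN", "RESOLVED", "DEFERRED", "WONT_FIX"];
+}];
+readonly description: "Test findings (one event per finding row), with severity, the test it came from, and resolved-at when applicable. Useful for open-finding counts and MTTR-to-resolution timeseries.";
+readonly endpoint: "GET /v1/test-findings";
+readonly notes: "Cursor pagination via pageCursor / pageSize. Full syncs walk back findingsLookbackDays days; incremental syncs use the sync `since` watermark.";
+readonly fields: [{
+readonly name: "findingId";
+readonly description: "Vanta finding id.";
+}, {
+readonly name: "severity";
+readonly description: "Finding severity (LOW, MEDIUM, HIGH, CRITICAL).";
+}, {
+readonly name: "status";
+readonly description: "Finding status (OPEN, RESOLVED, DEFERRED, WONT_FIX).";
+}, {
+readonly name: "testId";
+readonly description: "Id of the test that produced the finding.";
+}, {
+readonly name: "controlId";
+readonly description: "First control id the finding is mapped to (via its test).";
+}, {
+readonly name: "resolvedAt";
+readonly description: "Resolution timestamp (Unix ms) when resolved.";
+}];
+readonly responses: {
+readonly findings: z.ZodObject<{
+results: z.ZodObject<{
+data: z.ZodArray<z.ZodObject<{
+id: z.ZodString;
+testId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+controlId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+severity: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+status: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+createdAt: z.ZodString;
+resolvedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+resourceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>>;
+pageInfo: z.ZodOptional<z.ZodNullable<z.ZodObject<{
+endCursor: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+hasNextPage: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
+}, z.core.$strip>>>;
+}, z.core.$strip>;
+}, z.core.$strip>;
+};
+};
+};
+static readonly schemas: {
+readonly oauth_token: z.ZodObject<{
+access_token: z.ZodString;
+token_type: z.ZodOptional<z.ZodString>;
+expires_in: z.ZodOptional<z.ZodNumber>;
+scope: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+readonly controls: z.ZodObject<{
+results: z.ZodObject<{
+data: z.ZodArray<z.ZodObject<{
+id: z.ZodString;
+name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+status: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+frameworks: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodObject<{
+name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+matchingId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>>>>;
+lastEvaluatedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+updatedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+createdAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>>;
+pageInfo: z.ZodOptional<z.ZodNullable<z.ZodObject<{
+endCursor: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+hasNextPage: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
+}, z.core.$strip>>>;
+}, z.core.$strip>;
+}, z.core.$strip>;
+} & {
+readonly tests: z.ZodObject<{
+results: z.ZodObject<{
+data: z.ZodArray<z.ZodObject<{
+id: z.ZodString;
+name: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+status: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+controlIds: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
+controls: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodObject<{
+id: z.ZodString;
+}, z.core.$strip>>>>;
+evidenceCount: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
+lastTestedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+updatedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+createdAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>>;
+pageInfo: z.ZodOptional<z.ZodNullable<z.ZodObject<{
+endCursor: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+hasNextPage: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
+}, z.core.$strip>>>;
+}, z.core.$strip>;
+}, z.core.$strip>;
+} & {
+readonly findings: z.ZodObject<{
+results: z.ZodObject<{
+data: z.ZodArray<z.ZodObject<{
+id: z.ZodString;
+testId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+controlId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+severity: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+status: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+createdAt: z.ZodString;
+resolvedAt: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+description: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+resourceId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>>;
+pageInfo: z.ZodOptional<z.ZodNullable<z.ZodObject<{
+endCursor: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+hasNextPage: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
+}, z.core.$strip>>>;
+}, z.core.$strip>;
+}, z.core.$strip>;
+} & Readonly<Record<string, z.ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>>>;
+static create(input: unknown, ctx?: ConnectorContext): VantaConnector;
+readonly id = "vanta";
+readonly credentials: {
+clientId: {
+description: string;
+auth: "required";
+};
+clientSecret: {
+description: string;
+auth: "required";
+};
+};
+private accessToken;
+private accessTokenExpiry;
+private scope;
+private refreshAccessToken;
+private getAccessToken;
+private apiGet;
+private buildListUrl;
+private nextCursor;
+private fetchControlsPage;
+private fetchTestsPage;
+private findingsSinceIso;
+private fetchFindingsPage;
+private writeControls;
+private writeTests;
+private writeFindings;
+private writePhase;
+private clearScopeOnFirstPage;
+private resolveCursor;
+sync(options: SyncOptions, storage: StorageHandle, signal?: AbortSignal): Promise<SyncResult>;
+}
+
+export { VantaConnector, type VantaResource, type VantaSettings, configFields, VantaConnector as default, doc, id, vantaResources as resources };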