Vulnerabilities

Learn how Sprinto helps monitor, resolve, and document vulnerabilities across your infrastructure and codebase for seamless compliance.

The Vulnerabilities section in Sprinto helps you continuously track and manage security flaws across your cloud infrastructure, code repositories, and integrated tools. It acts as a central hub that pulls in vulnerability logs from connected monitoring sources like AWS Inspector, GitLab, Snyk, Google Security Center, SonarCloud, and more.

This area enables security teams to:

  • View real-time vulnerability alerts from all integrated scanners.

  • Track open, resolved, or overdue vulnerabilities against defined SLA timelines.

  • Manually upload pentest findings and resolve vulnerabilities as needed.

  • Add periodic workflow checks to satisfy framework-specific controls when integrations are not available.

Vulnerability detection and remediation are critical pillars of your compliance posture. Sprinto ensures that all findings—whether automated or manually uploaded—are logged, actioned, and audited correctly.


Where to find it?

To access this section:

  1. Log in to the Sprinto dashboard.

  2. Go to Data Library > Vulnerabilities.

You will land on the Overview tab, where all integrated monitoring sources are listed, alongside their compliance-mapped frameworks and open issue counts.


Key Capabilities

  • Native Integrations: Connect with leading vulnerability scanners for infrastructure and code security, such as Snyk, AWS Inspector, and Google Security Center.

  • Pentest Uploads: Import vulnerabilities found during certified penetration tests, individually or in bulk, alongside the official VAPT (vulnerability assessment and penetration testing) report.

  • SLA Monitoring: Automatically flag issues that miss resolution deadlines. Each vulnerability is tagged with severity, status, and assignee.

  • Special Case Handling: Mark specific vulnerabilities as out-of-scope or under extension with justification and expiry.

  • Workflow Checks: Add manual checks (e.g., for bias testing, AI system scans, red teaming) to meet framework requirements not covered via integrations.
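The SLA monitoring and special-case handling described above can be reproduced in a short script run over an export of findings, which is useful for cross-checking what the dashboard shows before an audit. The block below is an added example, not Sprinto code and not a Sprinto API: the severity-to-SLA windows, the field names, and the sample findings are all assumptions constructed for the example. It applies per-severity remediation deadlines, honours out-of-scope and extension markings only while their expiry has not passed (an expired exception falls back to the normal SLA and is flagged as overdue), and lists open findings that have no assignee.

```python
"""Added example (not Sprinto's code): SLA check over a list of findings.

Assumptions: SLA windows per severity, the Finding field names, and the
constructed sample data below are illustrative, not Sprinto's schema.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Assumed remediation windows, in days from detection, per severity.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 60, "low": 90}


@dataclass
class Finding:
    id: str
    source: str                      # e.g. "AWS Inspector", "Snyk"
    severity: str                    # critical | high | medium | low
    detected: date
    status: str = "open"             # open | resolved
    assignee: Optional[str] = None
    resolved: Optional[date] = None
    # Special-case handling: "out_of_scope" or "extension", with a
    # justification and an expiry date after which it no longer applies.
    exception: Optional[str] = None
    exception_expires: Optional[date] = None
    justification: Optional[str] = None


def sla_deadline(f: Finding) -> date:
    """Date by which the finding must be resolved to stay within SLA."""
    return f.detected + timedelta(days=SLA_DAYS[f.severity.lower()])


def exception_active(f: Finding, today: date) -> bool:
    """An exception counts only if it is justified and not yet expired."""
    return bool(
        f.exception
        and f.justification
        and f.exception_expires is not None
        and today <= f.exception_expires
    )


def classify(f: Finding, today: date) -> str:
    """Bucket a finding into one of: resolved, resolved_late,
    out_of_scope, extended, overdue, within_sla."""
    deadline = sla_deadline(f)
    if f.status == "resolved":
        closed = f.resolved or today
        return "resolved" if closed <= deadline else "resolved_late"
    if exception_active(f, today):
        return "out_of_scope" if f.exception == "out_of_scope" else "extended"
    return "overdue" if today > deadline else "within_sla"


def report(findings: List[Finding], today: date) -> Dict[str, List[str]]:
    """Group finding IDs by SLA bucket, preserving input order."""
    buckets: Dict[str, List[str]] = {}
    for f in findings:
        buckets.setdefault(classify(f, today), []).append(f.id)
    return buckets


def unassigned_open(findings: List[Finding]) -> List[str]:
    """Open findings with nobody on the hook for remediation."""
    return [f.id for f in findings if f.status == "open" and not f.assignee]


# Constructed sample data (not real scanner output).
TODAY = date(2024, 6, 1)
SAMPLE = [
    Finding("V-1", "AWS Inspector", "critical", date(2024, 5, 20)),
    Finding("V-2", "Snyk", "high", date(2024, 5, 15), assignee="alice"),
    Finding("V-3", "GitLab", "medium", date(2024, 3, 1), assignee="bob",
            exception="extension", exception_expires=date(2024, 6, 30),
            justification="Vendor patch scheduled for June release"),
    Finding("V-4", "CrowdStrike Spotlight", "low", date(2024, 1, 1),
            assignee="carol", exception="out_of_scope",
            exception_expires=date(2024, 5, 1),  # expired: back to SLA
            justification="Device decommissioned"),
    Finding("V-5", "Snyk", "high", date(2024, 4, 1), status="resolved",
            assignee="alice", resolved=date(2024, 4, 20)),
]

if __name__ == "__main__":
    for bucket, ids in report(SAMPLE, TODAY).items():
        print(f"{bucket:12s} {', '.join(ids)}")
    print("unassigned  ", ", ".join(unassigned_open(SAMPLE)))
```

The point worth checking in your own tooling is the expiry behaviour: V-4 was marked out-of-scope, but the marking expired on 1 May, so on 1 June it is overdue again rather than silently excluded; V-3's extension is still valid, so it reports as extended until 30 June and would turn overdue the day after.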


Types of Monitoring Sources

Source Type          Examples                                Description
Infrastructure       AWS Inspector, Google Security Center   Scans your cloud infrastructure and services.
Codebase             GitLab, SLScan, Dependabot, Snyk        Detects issues in application code and third-party libraries.
Endpoints            CrowdStrike Spotlight                   Detects endpoint vulnerabilities (e.g., user devices).
Ticketing/Tracking   Jira                                    Centralises the remediation workflow across all sources.


Mapped Frameworks

Sprinto maps vulnerabilities to frameworks such as:

  • PCI DSS

  • SOC 2

  • ISO 27001

  • GDPR

  • CPRA

  • NIST 800-53

Mapped control IDs (e.g., SDC 55, SDC 56, SDC 63) are displayed in the sidebar and next to each integration.


Example View

From the Overview tab, you can:

  • View all integrated monitoring sources.

  • Check the number of open vulnerabilities.

  • View associated controls for compliance mapping.

  • Add new workflow checks or monitoring sources.

  • View integration issues (if any).
