# Vulnerabilities

The **Vulnerabilities** section in Sprinto helps you continuously track and manage security flaws across your cloud infrastructure, code repositories, and integrated tools. It acts as a central hub that pulls in vulnerability findings from connected monitoring sources such as **AWS Inspector**, **GitLab**, **Snyk**, **Google Security Center**, **SonarCloud**, and more.

This area enables security teams to:

* View real-time vulnerability alerts from all integrated scanners.
* Track open, resolved, or overdue vulnerabilities against defined SLA timelines.
* Manually upload pentest findings and resolve vulnerabilities as needed.
* Add periodic workflow checks to satisfy framework-specific controls when integrations are not available.

{% hint style="info" %}
Vulnerability detection and remediation are critical pillars of your compliance posture. Sprinto ensures that all findings, whether automated or manually uploaded, are logged, actioned, and recorded in a form auditors can verify.
{% endhint %}

***

#### Where to find it?

To access this section:

1. Log in to the Sprinto dashboard.
2. Go to **Data Library** > **Vulnerabilities**.

You will land on the **Overview** tab, which lists every integrated monitoring source together with the frameworks it is mapped to and its count of open issues.

***

#### Key Capabilities

* **Native Integrations**: Connect leading infrastructure and code-security scanners such as Snyk, AWS Inspector, and Google Security Center.
* **Pentest Uploads**: Import vulnerabilities found during certified penetration tests, individually or in bulk, alongside the official VAPT (vulnerability assessment and penetration testing) report.
* **SLA Monitoring**: Automatically flag issues that miss their resolution deadline. Each vulnerability is tagged with severity, status, and assignee.
* **Special Case Handling**: Mark specific vulnerabilities as out-of-scope or under extension, with a justification and an expiry date after which the exception lapses.
* **Workflow Checks**: Add manual checks (e.g., for bias testing, AI system scans, red teaming) to meet framework requirements that no integration covers.
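The SLA monitoring and special-case rules listed above can be expressed as a small evaluator. The block below is an added example, not Sprinto's code; the per-severity SLA days, the record fields, and the sample findings are all assumptions chosen to illustrate the logic, including the edge cases a practitioner cares about: an extension that has already expired puts the finding back in breach, an out-of-scope marking without a justification is rejected, and a resolved finding is still reported as late if it was closed after its deadline.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Illustrative remediation SLAs in days per severity (assumed values, not
# Sprinto's defaults): set these to whatever your own policy says.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass
class Vulnerability:
    vuln_id: str
    severity: str
    detected_on: date
    status: str = "open"                     # "open" or "resolved"
    assignee: Optional[str] = None
    resolved_on: Optional[date] = None
    # Special-case handling: an out-of-scope marking or an extension, each
    # with a justification and an expiry date after which it no longer applies.
    out_of_scope_until: Optional[date] = None
    extension_until: Optional[date] = None
    justification: Optional[str] = None


def due_date(v: Vulnerability) -> date:
    """Deadline derived from severity, pushed out by a justified extension."""
    base = v.detected_on + timedelta(days=SLA_DAYS[v.severity.lower()])
    if v.extension_until is not None:
        if not v.justification:
            raise ValueError(f"{v.vuln_id}: extension without justification")
        return max(base, v.extension_until)
    return base


def classify(v: Vulnerability, today: date) -> str:
    """Return one of: out_of_scope, open, overdue, resolved, resolved_late."""
    if v.out_of_scope_until is not None:
        if not v.justification:
            raise ValueError(f"{v.vuln_id}: out-of-scope without justification")
        if today <= v.out_of_scope_until:    # an expired exclusion falls back into scope
            return "out_of_scope"
    deadline = due_date(v)
    if v.status == "resolved":
        if v.resolved_on is None:
            raise ValueError(f"{v.vuln_id}: resolved without a resolution date")
        return "resolved_late" if v.resolved_on > deadline else "resolved"
    return "overdue" if today > deadline else "open"


def sla_report(vulns, today):
    """Counts per state plus the overdue rows an SLA monitor would flag."""
    counts = {"out_of_scope": 0, "open": 0, "overdue": 0, "resolved": 0, "resolved_late": 0}
    overdue = []
    for v in vulns:
        state = classify(v, today)
        counts[state] += 1
        if state == "overdue":
            overdue.append((v.vuln_id, v.severity, v.assignee, (today - due_date(v)).days))
    return counts, overdue


# Constructed sample findings for the demonstration (not real scanner output).
TODAY = date(2024, 6, 30)
SAMPLE = [
    Vulnerability("V-1", "critical", date(2024, 6, 20), assignee="alice"),
    Vulnerability("V-2", "high", date(2024, 6, 10), assignee="bob"),
    Vulnerability("V-3", "high", date(2024, 5, 1), assignee="bob",
                  extension_until=date(2024, 7, 15), justification="vendor patch due in July"),
    Vulnerability("V-4", "medium", date(2024, 1, 15),
                  out_of_scope_until=date(2024, 12, 31), justification="test-only host, no prod data"),
    Vulnerability("V-5", "critical", date(2024, 6, 1), status="resolved", resolved_on=date(2024, 6, 5)),
    Vulnerability("V-6", "low", date(2023, 12, 1), status="resolved", resolved_on=date(2024, 6, 20)),
    Vulnerability("V-7", "high", date(2024, 3, 1), assignee="carol",
                  extension_until=date(2024, 6, 15), justification="awaiting change window"),
]

if __name__ == "__main__":
    counts, overdue = sla_report(SAMPLE, TODAY)
    print(counts)
    for row in overdue:
        print("OVERDUE", row)
```

Run as written, the report flags V-1 (a critical finding three days past its seven-day SLA) and V-7 (whose extension lapsed on 15 June), leaves V-3 open under its still-valid extension, excludes V-4 as out of scope, and marks V-6 as resolved late because it was closed after its 180-day deadline.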

***

#### Types of Monitoring Sources

<table><thead><tr><th width="193.76171875">Source Type</th><th width="257.421875">Examples</th><th>Description</th></tr></thead><tbody><tr><td><strong>Infrastructure</strong></td><td>AWS Inspector, Google Security Center</td><td>Scans your cloud infrastructure and services.</td></tr><tr><td><strong>Codebase</strong></td><td>GitLab, SLScan, Dependabot, Snyk</td><td>Detects issues in application code and third-party libraries.</td></tr><tr><td><strong>Endpoints</strong></td><td>CrowdStrike Spotlight</td><td>Detects endpoint vulnerabilities (e.g., user devices).</td></tr><tr><td><strong>Ticketing/Tracking</strong></td><td>Jira</td><td>Centralises remediation workflow across all sources.</td></tr></tbody></table>

***

#### Mapped Frameworks

Sprinto maps vulnerabilities to frameworks such as:

* **PCI DSS**
* **SOC 2**
* **ISO 27001**
* **GDPR**
* **CPRA**
* **NIST 800-53**

The mapped control IDs (e.g., SDC 55, SDC 56, SDC 63) are displayed in the sidebar and next to each integration.

***

#### Example View

From the **Overview tab**, you can:

* View all integrated monitoring sources.
* Check the number of open vulnerabilities.
* View associated controls for compliance mapping.
* Add new workflow checks or monitoring sources.
* View integration issues (if any).

