Sprinto Dashboard

Upload Pentest Report and Add Vulnerabilities

Learn how to upload penetration test reports and log associated vulnerabilities on Sprinto for compliance tracking.

Sprinto enables you to document vulnerabilities identified through certified penetration tests (pentests). You can upload the pentest report and log vulnerabilities manually or in bulk using a standard template.

Once added, these vulnerabilities appear under the Pentest tab and must be resolved or marked as special cases to meet SLA and audit requirements.

Before You Begin

Ensure the following:

  • You have access to the Sprinto admin portal.

  • Your pentest report is performed by a certified provider.

  • The final pentest report file is ready in a supported format (e.g. PDF, DOCX).

  • You have the details of each vulnerability identified (e.g. severity, description).

Procedure

To upload a pentest report and add vulnerabilities:

  1. Go to Data Library > Vulnerabilities > Overview.

  2. Click the Pentest tab in the left navigation panel.

  3. Select the workflow check labelled Periodic VPAT report needs to be uploaded.

  4. Click the Pentest Reports tab.

  5. Fill in the following details:

    • Pentest name

    • Report issue date

  6. Click Upload file and select the pentest report from your device.

Add Vulnerabilities

You can add the vulnerabilities listed in your pentest report using one of the following methods:

Option 1: Add Individually

  1. Select Add vulnerabilities manually.

  2. Enter each vulnerability's:

    • Name or CVE reference

    • Severity level (e.g. High, Moderate)

    • Description

  3. Click Add to include multiple vulnerabilities if needed.

Option 2: Bulk Import via CSV

  1. Select Bulk-import vulnerabilities.

  2. Download the CSV template.

  3. Fill in the required fields (e.g. name, severity, description) using the specified format.

  4. Click Upload file and select your completed template file.

Finalise Upload

  • Once all details are entered, click Upload pentest report to save your entries.

  • The uploaded report and listed vulnerabilities now appear under the Pentest section.

What Next?

You must now:

  • Resolve the open vulnerabilities from the relevant infrastructure or codebase.

  • Mark each resolved vulnerability as Closed in Sprinto.

  • If a vulnerability is not applicable, you may mark it as a Special Case.

PreviousSet Up Vulnerability Monitoring SourceNextResolve Vulnerabilities

Last updated