# Frequently Asked Questions

This section addresses common queries related to the *Vulnerabilities* module in Sprinto, including monitoring, evidence collection, SLA tracking, and special case handling.

***

#### 1. What types of vulnerabilities can Sprinto track?

Sprinto can track:

* Vulnerabilities reported by integrated scanners (e.g. AWS Inspector, GitLab, Snyk).
* Manually uploaded vulnerabilities from pentest reports.
* Manually recorded findings through workflow checks.

***

#### 2. How are vulnerability statuses updated?

For integrated sources, Sprinto automatically syncs the status when the vulnerability is resolved at the source. For pentest-uploaded vulnerabilities, you must manually mark them as *Closed* once remediated.

***

#### 3. What happens if I miss the SLA?

If a vulnerability is not resolved within its defined SLA window:

* The associated system-status check transitions from **Due** to **Critical**, and eventually to **Failing**.
* The issue is flagged in compliance reports.
* You can mark the issue as a special case (with justification) to avoid check failure, if appropriate.

***

#### 4. Can I remove or delete vulnerabilities?

No. Sprinto retains a complete audit log of all reported vulnerabilities. However, you can:

* Resolve them at the source to mark them as **Passing**.
* Mark them as **Special Cases** if they are not applicable.

***

#### 5. What qualifies as valid evidence for a workflow check?

Evidence can include:

* Screenshots of scan results
* Audit logs or mail confirmations
* Security tool reports
* Configuration screenshots

All evidence must clearly demonstrate that the required process was completed.

***

#### 6. Can I assign workflow checks to other team members?

Yes. When creating or editing a workflow check, you can assign it to any Sprinto user with appropriate access. The assigned stakeholder will be responsible for uploading evidence when the check becomes active.

***

#### 7. What is the difference between workflow checks and system-status checks?

<table><thead><tr><th width="202.53515625">Check Type</th><th>Description</th></tr></thead><tbody><tr><td><strong>System-status check</strong></td><td>Triggered by integrated sources and updated automatically based on sync status.</td></tr><tr><td><strong>Workflow check</strong></td><td>Configured manually to cover additional requirements. Evidence must be uploaded manually to mark it as passing.</td></tr></tbody></table>

***

#### 8. How do I know if an integration is broken or failing?

If an integration issue is detected, you will see a banner on the Overview page. Click **View and Fix** to troubleshoot authentication or configuration problems.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sprinto.com/data-library/vulnerabilities/frequently-asked-questions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.