# Frequently Asked Questions

This section addresses common queries related to the *Vulnerabilities* module in Sprinto, including monitoring, evidence collection, SLA tracking, and special case handling.

***

#### 1. What types of vulnerabilities can Sprinto track?

Sprinto can track:

* Vulnerabilities reported by integrated scanners (e.g. AWS Inspector, GitLab, Snyk).
* Manually uploaded vulnerabilities from pentest reports.
* Manually recorded findings through workflow checks.

***

#### 2. How are vulnerability statuses updated?

For integrated sources, Sprinto automatically syncs the status when the vulnerability is resolved at the source. For vulnerabilities uploaded from pentest reports, you must manually mark them as *Closed* once remediated.

***

#### 3. What happens if I miss the SLA?

If a vulnerability is not resolved within its defined SLA window:

* The associated system-status check transitions from **Due** to **Critical**, and eventually to **Failing**.
* The issue is flagged in compliance reports.
* You can mark the issue as a special case (with justification) to avoid check failure, if appropriate.

***

#### 4. Can I remove or delete vulnerabilities?

No. Sprinto retains a complete audit log of all reported vulnerabilities. However, you can:

* Resolve them at the source to mark them as **Passing**.
* Mark them as **Special Cases** if they are not applicable.

***

#### 5. What qualifies as valid evidence for a workflow check?

Evidence can include:

* Screenshots of scan results
* Audit logs or mail confirmations
* Security tool reports
* Configuration screenshots

All evidence must clearly demonstrate that the required process was completed.

***

#### 6. Can I assign workflow checks to other team members?

Yes. When creating or editing a workflow check, you can assign it to any Sprinto user with appropriate access. The assigned stakeholder will be responsible for uploading evidence when the check becomes active.

***

#### 7. What is the difference between workflow checks and system-status checks?

<table><thead><tr><th width="202.53515625">Check Type</th><th>Description</th></tr></thead><tbody><tr><td><strong>System-status check</strong></td><td>Triggered by integrated sources and updated automatically based on sync status.</td></tr><tr><td><strong>Workflow check</strong></td><td>Configured manually to cover additional requirements. Evidence must be uploaded manually to mark it as passing.</td></tr></tbody></table>

***

#### 8. How do I know if an integration is broken or failing?

If an integration issue is detected, you will see a banner on the Overview page. Click **View and Fix** to troubleshoot authentication or configuration problems.
