Frequently Asked Questions

Get answers to common questions about managing vulnerabilities, workflow checks, and pentest reports in Sprinto.

This section addresses common queries related to the Vulnerabilities module in Sprinto, including monitoring, evidence collection, SLA tracking, and special case handling.

1. What types of vulnerabilities can Sprinto track?

Sprinto can track:

Vulnerabilities reported by integrated scanners (e.g. AWS Inspector, GitLab, Snyk).
Manually uploaded vulnerabilities from pentest reports.
Manually recorded findings through workflow checks.

2. How are vulnerability statuses updated?

For integrated sources, Sprinto automatically syncs the status when the vulnerability is resolved at the source. For pentest-uploaded vulnerabilities, you must manually mark them as Closed once remediated.

3. What happens if I miss the SLA?

If a vulnerability is not resolved within its defined SLA window:

The associated system-status check transitions from Due to Critical, and eventually to Failing.
The issue is flagged in compliance reports.
You can mark the issue as a special case (with justification) to avoid check failure, if appropriate.

4. Can I remove or delete vulnerabilities?

No. Sprinto retains a complete audit log of all reported vulnerabilities. However, you can:

Resolve them at the source to mark them as Passing.
Mark them as Special Cases if they are not applicable.

5. What qualifies as valid evidence for a workflow check?

Evidence can include:

Screenshots of scan results
Audit logs or mail confirmations
Security tool reports
Configuration screenshots

All evidence must clearly demonstrate that the required process was completed.

6. Can I assign workflow checks to other team members?

Yes. When creating or editing a workflow check, you can assign it to any Sprinto user with appropriate access. The assigned stakeholder will be responsible for uploading evidence when the check becomes active.

7. What is the difference between workflow checks and system-status checks?

Check Type

Description

System-status check

Triggered by integrated sources and updated automatically based on sync status.

Workflow check

Configured manually to cover additional requirements. Evidence must be uploaded manually to mark it as passing.

8. How do I know if an integration is broken or failing?

If an integration issue is detected, you will see a banner on the Overview page. Click View and Fix to troubleshoot authentication or configuration problems.

PreviousMark Vulnerabilities as Special Cases NextGlossary

Last updated 7 months ago

hashtag1. What types of vulnerabilities can Sprinto track?

hashtag2. How are vulnerability statuses updated?

hashtag3. What happens if I miss the SLA?

hashtag4. Can I remove or delete vulnerabilities?

hashtag5. What qualifies as valid evidence for a workflow check?

hashtag6. Can I assign workflow checks to other team members?

hashtag7. What is the difference between workflow checks and system-status checks?

hashtag8. How do I know if an integration is broken or failing?