How It Works
Understand how Sprinto detects, tracks, and helps resolve vulnerabilities across integrated scanners and manual workflows to ensure compliance.
The Vulnerabilities section in Sprinto is designed to help you maintain a compliant and secure infrastructure by enabling both automated monitoring and manual evidence submission. It consolidates vulnerability logs from multiple sources and allows you to take corrective actions within SLA timelines.
Sprinto supports two complementary workflows, integrated vulnerability monitoring and manual workflow checks. Pentest uploads and special-case handling sit alongside them and are covered below.
1. Integrated Vulnerability Monitoring
If you have connected your infrastructure or code repositories to Sprinto via native integrations, Sprinto will automatically fetch and reflect vulnerability data.
Detection flow:
Source triggers an alert: An integrated scanner (e.g., AWS Inspector, GitLab, SonarCloud) detects and reports a vulnerability.
Sprinto imports the log: The detected vulnerability is fetched into Sprinto, along with metadata such as severity, due date, and the assigned stakeholder.
System-status check is activated: A compliance check is triggered, which must be closed before the due date.
SLA tracking begins: Sprinto updates the vulnerability’s status to Due, Critical, or Failing based on how close the due date is.
Resolution:
You must remediate the issue directly on the source platform; Sprinto tracks the finding but does not apply the fix for you.
Once the vulnerability is closed at the source, Sprinto automatically updates the log status to Resolved and marks the compliance check as Passing.
2. Manual Workflow Management
If your vulnerability monitoring source is not integrated with Sprinto, or you wish to document additional processes (e.g., red teaming, external scans), you can create workflow checks.
Setup:
Navigate to the Overview tab and click + Add workflow check.
Choose from predefined check templates or create your own.
Assign the check to a stakeholder, set the frequency, and define when it becomes active.
Execution:
When a workflow check becomes Due, the responsible stakeholder must:
Upload evidence (e.g., scan reports, screen captures, audit logs).
Mark the check as completed by submitting the evidence with a date.
Once complete, the workflow check status is marked as Passing.
3. Pentest Uploads and Manual Vulnerability Entry
In addition to live monitoring, Sprinto allows you to manage vulnerabilities discovered via periodic penetration testing:
Upload a certified pentest report under the Pentest tab.
Add open vulnerabilities manually (individually or via CSV bulk upload).
Track their resolution manually or mark them as special cases if justified.
4. Special Case Handling
If a detected vulnerability is:
Not relevant to the product,
Outside the scope of the current compliance framework, or
In need of a temporary exception,
…you can mark it as a Special Case with a reason and an optional expiry date.
Sprinto will move the check status to Passing while still including the item in compliance audit logs under a special category.
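To make the lifecycle described in the integrated monitoring flow and in special-case handling concrete, here is an added illustration. It is not Sprinto's code and not taken from this page: it models an imported vulnerability log, derives a due date from an assumed per-severity SLA, escalates the log status as the due date approaches or passes, and lets an active Special Case (with optional expiry) turn the check to Passing. The scanner feed, finding identifiers, SLA days and escalation window are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed remediation SLAs in days per severity (illustrative, not Sprinto's values).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 60, "low": 90}

# Assumed escalation window: within this many days of the due date the log is "Critical".
CRITICAL_WINDOW_DAYS = 3


@dataclass
class Finding:
    source: str
    identifier: str
    severity: str
    detected_on: date
    closed_at_source: bool = False
    special_case_reason: Optional[str] = None
    special_case_expiry: Optional[date] = None

    @property
    def due_date(self) -> date:
        return self.detected_on + timedelta(days=SLA_DAYS[self.severity])


def findings_from_feed(feed):
    """Import scanner records (constructed dicts) into Finding objects, rejecting unknown severities."""
    findings = []
    for rec in feed:
        sev = rec["severity"].lower()
        if sev not in SLA_DAYS:
            raise ValueError(f"unknown severity {rec['severity']!r} for {rec['id']}")
        findings.append(Finding(rec["source"], rec["id"], sev, date.fromisoformat(rec["detected_on"])))
    return findings


def special_case_active(f: Finding, today: date) -> bool:
    """A Special Case counts only while it has a reason and its expiry (if any) has not passed."""
    if f.special_case_reason is None:
        return False
    return f.special_case_expiry is None or today <= f.special_case_expiry


def log_status(f: Finding, today: date) -> str:
    """Status of the vulnerability log entry: Resolved, Special Case, Due, Critical or Failing."""
    if f.closed_at_source:
        return "Resolved"
    if special_case_active(f, today):
        return "Special Case"
    days_left = (f.due_date - today).days
    if days_left < 0:
        return "Failing"          # past the SLA due date
    if days_left <= CRITICAL_WINDOW_DAYS:
        return "Critical"         # due date imminent
    return "Due"


def check_passing(f: Finding, today: date) -> bool:
    """The derived compliance check passes only when the log is Resolved or under an active Special Case."""
    return log_status(f, today) in ("Resolved", "Special Case")


def summarize(findings, today: date):
    """Map each finding identifier to (log status, check passing) for a dashboard-style view."""
    return {f.identifier: (log_status(f, today), check_passing(f, today)) for f in findings}


# Constructed scanner feed; identifiers are placeholders, not real findings.
SCANNER_FEED = [
    {"source": "AWS Inspector", "id": "finding-001", "severity": "critical", "detected_on": "2024-03-01"},
    {"source": "GitLab",        "id": "finding-002", "severity": "high",     "detected_on": "2024-02-01"},
    {"source": "SonarCloud",    "id": "finding-003", "severity": "medium",   "detected_on": "2024-03-01"},
    {"source": "AWS Inspector", "id": "finding-004", "severity": "low",      "detected_on": "2024-01-01"},
    {"source": "GitLab",        "id": "finding-005", "severity": "high",     "detected_on": "2024-02-20"},
]


def build_sample(today: date):
    """Import the feed, then apply a source-side closure and a time-boxed Special Case."""
    findings = findings_from_feed(SCANNER_FEED)
    by_id = {f.identifier: f for f in findings}
    by_id["finding-005"].closed_at_source = True                     # fixed on the source platform
    by_id["finding-004"].special_case_reason = "test-only component, not shipped"
    by_id["finding-004"].special_case_expiry = date(2024, 6, 30)     # exception lapses after this date
    return summarize(findings, today)


if __name__ == "__main__":
    for fid, (status, passing) in build_sample(date(2024, 3, 6)).items():
        print(f"{fid}: {status:12s} check {'Passing' if passing else 'open'}")
```

Once the Special Case expiry passes, the item falls back to its SLA-based status, so an exception granted without an expiry date never lapses; reviewing such open-ended exceptions before an audit is the practical takeaway.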