RapidFort Integration

Integrate RapidFort with Sprinto to automatically collect vulnerability scan findings and map them to compliance controls.

Sprinto integrates with RapidFort to automatically fetch vulnerability scan findings and evaluate them against relevant compliance controls. This integration eliminates manual evidence collection and ensures continuous visibility into container and image vulnerabilities.

Once connected, Sprinto periodically syncs scan results from RapidFort and reflects them across applicable controls and dashboards.


How it Works

After you connect RapidFort to Sprinto:

  • Sprinto securely reads vulnerability scan data from RapidFort using API credentials.

  • Vulnerability findings are mapped to supported controls and checks.

  • Evidence is refreshed automatically at regular intervals.

  • Control statuses update based on the latest scan results.

The integration uses read-only access and does not modify any data in your RapidFort account.


Prerequisites

Before setting up the integration, ensure that:

  • You have an active RapidFort account.

  • You have admin access in RapidFort.

  • You can create or access service account credentials in RapidFort.


Set Up the RapidFort Integration

  1. Log in to the Sprinto dashboard.

  2. Go to Settings.

  3. Select Integrations.

  4. In the All tab, search for RapidFort.

  5. Locate RapidFort under Vulnerability Scanning Providers.

  6. Click Connect.


Review Controls, Checks, and Permissions

When the integration drawer opens, review the following details:

  • Controls automated: 23 controls

  • Checks automated: 1 check

  • Permissions required: Full Access (Read-only)

Data used by Sprinto includes:

  • Project unique identifier

  • Vulnerability unique identifier

  • Rule

  • Severity

  • Component or file

  • Line

  • Message

After reviewing the information, click Next.


Provide Integration Details

On the Setup RapidFort Integration screen, enter the following details:

  • Access ID

  • Secret Key

  • Root URL (example: https://example.rapidfort.com)

These values are obtained from your RapidFort service account.

Click Connect once you have entered these details.


Get Your RapidFort API Credentials

Sprinto connects to RapidFort using service account credentials. You can either reuse an existing service account or create a new one.


  1. Log in to your RapidFort account.

  2. From the top-right corner of the screen, click the Settings icon.

  3. In the left navigation pane, select Service accounts.

You can view existing service accounts, their keys, and expiration details on this page.


Create a New Service Account (Optional)

If you do not already have a service account:

  1. On the Service accounts page, click Create new service account.

  2. In the drawer that opens, enter the following:

    • Name/Tag: A descriptive name for the service account.

    • Email: The email address associated with the account.

    • Expiration time: Select how long the credentials should remain valid.

    • Password: Enter your RapidFort account password to confirm.

  3. Click Create.

RapidFort generates the service account credentials once the account is created successfully.


Save the Credentials Securely

After creating the service account, copy and securely store the following details:

  • Access ID

  • Secret Key

The secret key may not be displayed again. Store it securely before leaving the page.


What Happens Next

After the integration is complete:

  • Vulnerability scan findings are automatically synced from RapidFort.

  • Evidence is mapped to relevant controls and checks.

  • Control statuses update continuously based on the latest scan results.

  • No further configuration is required unless credentials are rotated or expire.


FAQs

Does Sprinto modify data in RapidFort?

No. Sprinto uses read-only access and does not modify or delete any data in RapidFort.

What happens if the service account credentials expire?

If credentials expire or are rotated, update them in the RapidFort integration settings in Sprinto to resume syncing.

Can I disconnect the integration later?

Yes. You can disable or remove the RapidFort integration from the Integrations page in Sprinto.


Final step

After completion, allow 15 to 20 minutes for Sprinto to finish the data syncing process. Sprinto may take a few hours to evaluate the synced data and activate relevant Sprinto checks. If needed, go to Data Library > Vulnerabilities and click RapidFort to review any detected vulnerability that needs action.

If you need any assistance with the integration, kindly get in touch with Sprinto support.
