Vanta
Send code and dependency vulnerability data straight to Vanta
Vanta is an industry leader in compliance automation and is trusted by thousands of companies. It simplifies the complex, time-consuming process of preparing for SOC 2, ISO 27001, and several other compliance frameworks, and automates the implementation and monitoring of controls, which not only reduces the risk of data breaches but also gives you the security credibility you need.
DeepSource periodically reports security issues found in the default branch of all your repositories to Vanta, including both code vulnerabilities (SAST) and vulnerable dependencies (SCA), making it easier for you to keep track of your organization’s source code compliance.
Installation
- From the sidebar, navigate to your team’s Home, click on the Settings tab, and select Integrations. Click on the Vanta card.
- Click on the “Install integration” button. This will redirect you to Vanta’s authorization page.
- Click on the “Allow” button to grant permissions to DeepSource from your Vanta account. Make sure that you’re connecting the right workspace to your Vanta account.
- In your Vanta account, head over to the “Integrations” tab in the sidebar, where you should see that DeepSource has been successfully connected.
View DeepSource issues on Vanta
Security issues raised by DeepSource will show up under Tests and Assets, in the sidebar of your Vanta dashboard. This includes both code vulnerabilities (SAST) and vulnerable open-source dependencies (SCA). If any of these issues cause a SOC 2, ISO 27001, PCI DSS, or other compliance control to fail, you’ll get notified. You can then navigate to the repository on DeepSource and fix them.
Benefits of SCA Integration with Vanta
With the DeepSource SCA integration for Vanta, you get:
- Automatic reporting of vulnerable dependencies to your Vanta dashboard
- Real-time compliance status updates as issues are remediated
- Mapping of vulnerabilities to relevant compliance controls
- Reduction in noise through vulnerability reachability analysis
- Automatic collection of audit evidence for compliance frameworks
Uninstalling
To remove the Vanta integration, follow these steps:
- From your sidebar, go to your team settings and navigate to the Integrations tab.
- Select the Vanta card.
- Click on the “Uninstall Vanta” button. A pop-up confirmation will appear. Click “Yes, uninstall Vanta” to proceed with the uninstallation.