Send code vulnerability data straight to Vanta

Vanta is an industry leader in compliance automation and is trusted by thousands of companies. They simplify the complex, time-consuming process of preparing for SOC 2, ISO 27001, and several other compliances, and automate the implementation and monitoring of controls, which not only reduces the risk of data breaches but also gives you the security credibility you need.

DeepSource periodically reports security issues found in the default branch of all your repositories to Vanta, making it easier for you to keep track of your organization's source code compliance.


  1. From the sidebar, navigate to your team's Home, click on the Settings tab, and select Integrations. Click on the Vanta card.
  2. Click on the "Install integration" button. This will redirect you to Vanta's authorization page.
  3. Click on the 'Allow' button to grant permissions to DeepSource from your Vanta account. Make sure that you’re connecting the right workspace to your Vanta account.
  4. On your Vanta account, head over to the 'Integrations' tab in the sidebar and you should see that DeepSource has been successfully connected.

View DeepSource issues on Vanta

Security issues raised by DeepSource will show up under Tests, in the sidebar of your Vanta dashboard. If any of these issues cause a SOC 2 or ISO 27001 control to fail, you’ll get notified. You can then navigate to the repository on DeepSource and fix them.


To remove the Vanta integration, follow these steps:

  1. From your sidebar, go to your team settings and navigate to the Integrations tab.
  2. Select the Vanta card.
  3. Click on the "Uninstall Vanta" button. A pop-up confirmation will appear. Click "Yes, uninstall Vanta" to proceed with the uninstallation.