steampipe plugin install vanta

Table: vanta_vendor - Query Vanta Vendor using SQL

Vanta Vendor is a resource within the Vanta service that provides detailed information about the vendors used by an organization. It includes details about the vendors' profiles, such as their security and compliance status. This information is crucial for organizations to understand and manage the security risks associated with their vendors.

Table Usage Guide

The vanta_vendor table provides insights into the vendors used by an organization within the Vanta service. As a security analyst, you can explore vendor-specific details through this table, including their security and compliance status. Utilize it to uncover information about your vendors, such as their security scores, the number of employees, and the services they provide.

Important Notes

  • To query the table you must set session_id argument in the config file (~/.steampipe/config/vanta.spc).

Examples

Basic info

Explore which vendors have been enlisted by Vanta, along with their respective severity levels and corresponding URLs. This can be useful for assessing the risk profile associated with each vendor and managing them efficiently.

select
name,
id,
severity,
url
from
vanta_vendor;
select
name,
id,
severity,
url
from
vanta_vendor;

List vendors with high severity

Uncover the details of vendors categorized as high severity. This information can be useful for prioritizing vendor management tasks and focusing on potential risk areas.

select
name,
id,
severity,
url
from
vanta_vendor
where
severity = 'high';
select
name,
id,
severity,
url
from
vanta_vendor
where
severity = 'high';

List vendors with security checks overdue

Discover the vendors whose security checks are overdue by a year. This query is useful to maintain security standards and ensure all vendors are regularly reviewed.

select
name,
id,
severity,
url
from
vanta_vendor
where
current_timestamp > (
latest_security_review_completed_at + interval '1 year'
);
select
name,
id,
severity,
url
from
vanta_vendor
where
strftime('%s', 'now') > strftime('%s', latest_security_review_completed_at) + 60 * 60 * 24 * 365;

List vendors with no documents provided

Identify vendors who have not submitted any assessment documents. This query can be useful for compliance checks and to ensure all vendors are meeting documentation requirements.

select
name,
id,
severity,
url
from
vanta_vendor
where
assessment_documents is null;
select
name,
id,
severity,
url
from
vanta_vendor
where
assessment_documents is null;

Get the owner information of each vendor

Discover the segments that have specific vendor ownership. This query allows you to identify and understand the relationship between vendors and their owners, which is essential for managing vendor relationships and permissions effectively.

select
v.name as vendor_name,
v.severity as vendor_severity,
u.display_name as owner_name,
u.email as owner_email,
u.permission_level
from
vanta_vendor as v
join vanta_user as u on v.owner ->> 'id' = u.id;
select
v.name as vendor_name,
v.severity as vendor_severity,
u.display_name as owner_name,
u.email as owner_email,
u.permission_level
from
vanta_vendor as v
join vanta_user as u on json_extract(v.owner, '$.id') = u.id;

Schema for vanta_vendor

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
assessment_documentsjsonbSpecifies the list of uploaded security assessment documents.
idtextA unique identifier of the vendor.
latest_security_review_completed_attimestamp with time zoneThe time when the security assessment was last reviewed.
nametextThe display name of the vendor.
organization_nametextThe name of the organization.
ownerjsonbThe owner of the vendor.
risk_profilejsonbSpecifies the risk profile of the vendor.
services_providedtextSpecifies the use-case of the vendor.
severitytext=The risk level of the vendor.
shares_credit_card_databooleanIf true, Vanta shares credit card information with the vendor.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
submitted_vaqsjsonbA list of submitted VAQs.
urltextThe URL of the vendor tool.
vendor_categorytextThe vendor category.
vendor_risk_lockedbooleanIf true, the vendor risk level is locked.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- vanta

You can pass the configuration to the command with the --config argument:

steampipe_export_vanta --config '<your_config>' vanta_vendor