Setting up and configuring the Vanta integration requires admin rights in Coana.

The Vanta integration can be installed from the Integrations (opens in a new tab) page. This app enables the synchronization of Coana Vulnerabilities with Vanta.

Install Vanta integration

Go to Settings → Integrations (opens in a new tab) and click the "Add to Vanta" button.

Click "✓ Allow"

Notice, you may want to click the "Link your EU Vanta Instance to Coana" link below the buttons before you click "✓ Allow" if you are using a Vanta instance in the EU.


Coana now automatically syncs with Vanta every 45 minutes. By default, Coana is configured not to sync "not reachable" alerts, ensuring that these alerts don't appear in your Vanta dashboard. Also, by default, Vanta is configured to include vulnerabilities that only affect development dependencies. You can change these options by going to the Settings → Integrations (opens in a new tab) and toggling the 'Synchronize "Not reachable" alerts' and 'Synchronize vulnerabilities that only affect dev dependencies' options.