@vantasdk/vanta-mcp-server/build/operations/vulnerabilities.js

Model Context Protocol server for Vanta's security compliance platform

// 1. Imports
import { z, createConsolidatedSchema, makeConsolidatedRequest, } from "./common/imports.js";
// 2. Input Schemas
const VulnerabilitiesInput = createConsolidatedSchema({
    paramName: "vulnerabilityId",
    description: "Vulnerability ID to retrieve, e.g. 'vulnerability-123' or specific vulnerability identifier. If provided, returns the specific vulnerability, and no other parameters may be provided. If omitted, lists all vulnerabilities with optional filtering and pagination.",
    resourceName: "vulnerability",
}, {
    externalVulnerabilityId: z
        .string()
        .describe("Filter vulnerabilities by external vulnerability ID (e.g. CVE-2024-1234). Returns vulnerabilities that match the provided external vulnerability ID.")
        .optional(),
    severity: z
        .string()
        .describe("Filter vulnerabilities by severity. Possible values: LOW (Low severity), MEDIUM (Medium severity), HIGH (High severity), CRITICAL (Critical severity)")
        .optional(),
    integrationId: z
        .string()
        .describe("Filter vulnerabilities by integration ID. Returns vulnerabilities that are associated with the specified integration.")
        .optional(),
    slaDeadlineAfter: z
        .string()
        .describe("Filter vulnerabilities by SLA deadline after the specified date. Returns vulnerabilities that have an SLA deadline after the specified date. Date should be formatted as YYYY-MM-DD.")
        .optional(),
    slaDeadlineBefore: z
        .string()
        .describe("Filter vulnerabilities by SLA deadline before the specified date. Returns vulnerabilities that have an SLA deadline before the specified date. Date should be formatted as YYYY-MM-DD.")
        .optional(),
});
// 3. Tool Definitions
export const VulnerabilitiesTool = {
    name: "vulnerabilities",
    description: "Access vulnerabilities in your Vanta account. Provide vulnerabilityId to get a specific vulnerability, or omit to list all vulnerabilities. Returns vulnerability details, severity levels, and status for security monitoring.",
    parameters: VulnerabilitiesInput,
};
// 4. Implementation Functions
export async function vulnerabilities(args) {
    return makeConsolidatedRequest("/v1/vulnerabilities", args, "vulnerabilityId");
}
// Registry export for automated tool registration
export default {
    tools: [{ tool: VulnerabilitiesTool, handler: vulnerabilities }],
};