Vanta Doesn't Run Vulnerability Scans. Panoptic Scans Does.
Audit-ready external vulnerability scanning for Vanta customers in under 10 minutes. Run quarterly scans, generate auditor-friendly evidence, and automatically upload reports to Vanta without managing infrastructure.
Trusted by Vanta-driven teams
Security and compliance teams use Panoptic Scans to pass SOC 2, ISO 27001, and customer security reviews with repeatable scanning evidence.
Evidence that auditors accept
"Panoptic Scans produces exactly the evidence we need to close Vanta vulnerability scanning controls without the back-and-forth."
Vanta Marketplace
Built for Vanta Customers
Run OpenVAS and ZAP vulnerability scans that automatically upload auditor-ready evidence to Vanta.
OpenVAS, ZAP, Nuclei and Nmap
Industry-standard scanners for network and web testing - hosted for you with zero infrastructure to manage.
Auditor-friendly reports
Consistent report format, clear scope, and severity ratings so auditors get what they need fast.
Control coverage
Supports SOC 2 CC7.1, CC7.2, CC7.3, ISO 27001 A.12.6.1, and customer security questionnaires.
Vanta Control → Panoptic Scans Evidence Matrix
What auditors expect, and exactly what you can attach as evidence inside Vanta.
SOC 2 Trust Services Criteria
| Vanta Control | Auditor Expectation | Panoptic Scans Evidence |
|---|---|---|
| CC7.1 – Vulnerability Identification | Regular identification of external vulnerabilities | OpenVAS and ZAP scan reports with asset scope and timestamp |
| CC7.2 – Monitoring & Detection | Ongoing monitoring of systems | Scheduled scans and historical scan log |
| CC7.3 – Remediation | Evidence vulnerabilities are tracked and addressed | Findings list with severity plus remediation notes |
| CC8.1 – Change Management | Security risks identified before changes | Pre and post scan comparison reports |
ISO 27001
| ISO Control | Requirement | Panoptic Scans Evidence |
|---|---|---|
| A.12.6.1 | Technical vulnerability management | Vulnerability scan report with remediation tracking |
| A.8.8 | Management of technical vulnerabilities | Asset-scoped findings with severity ratings |
Why auditors like it
- Consistent report format
- Clear asset scope
- No screenshots required
- Repeatable across clients and audit periods
Auditor-friendly evidence checklist
- Scan date and time
- Asset scope (domains and IPs)
- Tool used (OpenVAS, ZAP, Nuclei, Nmap)
- Severity ratings
- Findings summary
- Remediation guidance
Close your vulnerability scanning gaps today.
Run your first scan in under 10 minutes.
Frequently Asked Questions
Does Panoptic Scans integrate with Vanta?
Yes. Panoptic Scans is built for teams using Vanta who need external vulnerability scanning evidence. Run scans, export reports, and attach evidence to the relevant controls in Vanta.
How fast can I run my first scan?
Most teams can add assets and start a scan in minutes. You'll get timestamped, auditor-friendly output without standing up servers, agents, or scanners.
What assets can I scan for Vanta evidence?
Internet-facing domains, IPs, and APIs - whatever is in scope for your audit. Reports include asset scope so auditors can clearly see what was scanned.
How often should we run scans for SOC 2?
Many SOC 2 programs run quarterly external vulnerability scans, and some teams choose monthly for stronger monitoring. Panoptic Scans supports both on-demand and scheduled scans with an evidence trail.
What does the evidence include for auditors?
Each report includes scan date and time, asset scope, tool used (OpenVAS, ZAP, Nuclei, Nmap), severity ratings, a findings summary, and remediation guidance aligned to what auditors request in Vanta.