MCP ExplorerExplorer

Vanta Mcp Server

@VantaIncon 13 days ago
1 MIT
FreeCommunity
AI Systems
Vanta MCP Server enables AI assistants to access automated security compliance data.

Overview

What is Vanta Mcp Server

Vanta MCP Server is a Model Context Protocol server that provides access to Vanta’s automated security compliance platform, enabling organizations to achieve and maintain compliance with various security frameworks through automated monitoring and testing.

Use cases

Use cases include continuous monitoring of security compliance, retrieving detailed compliance test results, managing security findings, and ensuring adherence to specific control requirements across various compliance frameworks.

How to use

To use Vanta MCP Server, AI assistants can interact with its API to retrieve compliance test results, manage security findings, and access framework requirements. Users should ensure the accuracy of AI-generated responses before taking compliance actions.

Key features

Key features include access to over 1,200 automated security tests, support for 35+ compliance frameworks, detailed control requirements, monitoring of compliance status, and security control management.

Where to use

Vanta MCP Server is used in industries that require adherence to security compliance standards, such as technology, finance, healthcare, and any organization that needs to comply with frameworks like SOC 2, ISO 27001, HIPAA, and GDPR.

Content

Vanta MCP Server

A Model Context Protocol server that provides access to Vanta’s automated security compliance platform. Vanta helps organizations achieve and maintain compliance with security frameworks like SOC 2, ISO 27001, HIPAA, GDPR, and others through automated monitoring, evidence collection, and continuous security testing. This MCP server enables AI assistants to interact with Vanta’s API to retrieve compliance test results, manage security findings, and access framework requirements.

⚠️ Important Disclaimer: This server is currently in public preview and provides AI assistants with access to your Vanta compliance data. Always verify the accuracy and appropriateness of AI-generated responses before taking any compliance or security actions. Users are responsible for reviewing all outputs and ensuring they meet their organization’s security and compliance requirements.

Features

Security Test Management

  • Access Vanta’s 1,200+ automated security tests that run continuously to monitor compliance
  • Retrieve test results with filtering by status (passing/failing), cloud provider (AWS/Azure/GCP), or compliance framework
  • Get detailed information about failing resources (test entities) that need remediation

Compliance Framework Operations

  • Access 35+ supported compliance frameworks including SOC 2, ISO 27001, HIPAA, GDPR, FedRAMP, and PCI
  • Retrieve detailed control requirements and evidence mappings for each framework
  • Monitor framework completion progress and compliance status
  • Get specific control details that map to automated tests and required documentation

Security Control Management

  • List all security controls across all compliance frameworks in your account
  • View control names, descriptions, framework mappings, and implementation status
  • Get specific tests that validate each security control
  • Understand which automated tests monitor compliance for specific controls

Multi-Region Support

  • US, EU, and AUS regions with region-specific API endpoints
  • Global compliance support for distributed organizations

Tools

Tool Name Description
get_tests Retrieve Vanta’s automated security and compliance tests. Filter by status (OK, NEEDS_ATTENTION, DEACTIVATED), cloud integration (aws, azure, gcp), or compliance framework (soc2, iso27001, hipaa). Returns test results showing which security controls are passing or failing across your infrastructure.
get_test_entities Get specific resources (entities) that are failing a particular security test. For example, if an AWS security group test is failing, this returns the actual security group IDs and details about what’s wrong. Essential for understanding exactly which infrastructure components need remediation.
get_frameworks List all compliance frameworks available in your Vanta account (SOC 2, ISO 27001, HIPAA, GDPR, FedRAMP, PCI, etc.) along with completion status and progress metrics. Shows which frameworks you’re actively pursuing and their current compliance state.
get_framework_controls Get detailed security control requirements for a specific compliance framework. Returns the specific controls, their descriptions, implementation guidance, and current compliance status. Essential for understanding what security measures are required for each compliance standard.
get_controls List all security controls across all frameworks in your Vanta account. Returns control names, descriptions, framework mappings, and current implementation status. Use this to see all available controls or to find a specific control ID for use with other tools.
get_control_tests Get all automated tests that validate a specific security control. Use this when you know a control ID and want to see which specific tests monitor compliance for that control. Returns test details, current status, and any failing entities for the control’s tests.

Configuration

Vanta OAuth Credentials

  1. Create OAuth credentials from the developer dashboard
  2. Save the client_id and client_secret to a env file:
    {
  "client_id": "your_client_id_here",
  "client_secret": "your_client_secret_here"
}

Note: Vanta currently only allows a single active access_token per Application today. More info here

Usage with Claude Desktop

Add the server to your claude_desktop_config.json:

{
  "mcpServers": {
    "vanta": {
      "command": "npx",
      "args": [
        "-y",
        "@vantasdk/vanta-mcp-server"
      ],
      "env": {
        "VANTA_ENV_FILE": "/absolute/path/to/your/vanta-credentials.env"
      }
    }
  }
}

If you are unfamiliar with setting up MCP servers in Claude Desktop, here is an example in the official MCP documentation.

Usage with Cursor

Add the server to your Cursor MCP settings:

{
  "mcpServers": {
    "Vanta": {
      "command": "npx",
      "args": [
        "-y",
        "@vantasdk/vanta-mcp-server"
      ],
      "env": {
        "VANTA_ENV_FILE": "/absolute/path/to/your/vanta-credentials.env"
      }
    }
  }
}

Environment Variables

  • VANTA_ENV_FILE (required): Absolute path to a file containing JSON OAuth credentials
  • REGION (optional): API region - us, eu, or aus (defaults to us)

Installation

NPX (Recommended)

npx @vantasdk/vanta-mcp-server

Global Installation

npm install -g @vantasdk/vanta-mcp-server
vanta-mcp-server

From Source

git clone https://github.com/VantaInc/vanta-mcp-server.git
cd vanta-mcp-server
npm install
npm run build
npm start

Build from Source

To build from source:

npm run build

This will:

  1. Compile TypeScript to JavaScript
  2. Make the output executable
  3. Place built files in the build/ directory

Now you can configure your Claude Desktop or Cursor to use the built executable:

{
  "mcpServers": {
    "Vanta": {
      "command": "node",
      "args": [
        "/absolute/path/to/vanta-mcp-server/build/index.js"
      ],
      "env": {
        "VANTA_ENV_FILE": "/absolute/path/to/your/vanta-credentials.env"
      }
    }
  }
}

Debugging

You can use the MCP Inspector to debug the server:

npx @modelcontextprotocol/inspector npx @vantasdk/vanta-mcp-server

The inspector will open in your browser, allowing you to test tool calls and inspect the server’s behavior.

Example Usage

Get failing AWS tests for SOC2

{
  "tool": "get_tests",
  "arguments": {
    "statusFilter": "NEEDS_ATTENTION",
    "integrationFilter": "aws",
    "frameworkFilter": "soc2",
    "pageSize": 50
  }
}

License

This project is licensed under the terms of the MIT open source license. Please refer to LICENSE file for details.

Tools

No tools

Comments