A Model Context Protocol server that provides access to Vanta's automated security compliance platform. Vanta helps organizations achieve and maintain compliance with security frameworks like SOC 2, ISO 27001, HIPAA, GDPR, and others through automated monitoring, evidence collection, and continuous security testing. This MCP server enables AI assistants to interact with Vanta's API to retrieve compliance test results, manage security findings, and access framework requirements.
⚠️ Important Disclaimer: This experimental server is currently in public preview and provides AI assistants with access to your Vanta compliance data. You may encounter bugs, errors or unexpected results. Always verify the accuracy and appropriateness of AI-generated responses before taking any compliance or security actions. Users are responsible for reviewing all outputs and ensuring they meet their organization's security and compliance requirements.
- Access Vanta's 1,200+ automated security tests that run continuously to monitor compliance
- Retrieve test results with filtering by status (passing/failing), cloud provider (AWS/Azure/GCP), or compliance framework
- Get detailed information about failing resources (test entities) that need remediation
- Access 35+ supported compliance frameworks including SOC 2, ISO 27001, HIPAA, GDPR, FedRAMP, and PCI
- Retrieve detailed control requirements and evidence mappings for each framework
- Monitor framework completion progress and compliance status
- Get specific control details that map to automated tests and required documentation
- List all security controls across all compliance frameworks in your account
- View control names, descriptions, framework mappings, and implementation status
- Get specific tests that validate each security control
- Understand which automated tests monitor compliance for specific controls
- US, EU, and AUS regions with region-specific API endpoints
- Global compliance support for distributed organizations
| Tool Name | Description |
|---|---|
get_tests |
Retrieve Vanta's automated security and compliance tests. Filter by status (OK, NEEDS_ATTENTION, DEACTIVATED), cloud integration (aws, azure, gcp), or compliance framework (soc2, iso27001, hipaa). Returns test results showing which security controls are passing or failing across your infrastructure. |
get_test_entities |
Get specific resources (entities) that are failing a particular security test. For example, if an AWS security group test is failing, this returns the actual security group IDs and details about what's wrong. Essential for understanding exactly which infrastructure components need remediation. |
get_frameworks |
List all compliance frameworks available in your Vanta account (SOC 2, ISO 27001, HIPAA, GDPR, FedRAMP, PCI, etc.) along with completion status and progress metrics. Shows which frameworks you're actively pursuing and their current compliance state. |
get_framework_controls |
Get detailed security control requirements for a specific compliance framework. Returns the specific controls, their descriptions, implementation guidance, and current compliance status. Essential for understanding what security measures are required for each compliance standard. |
get_controls |
List all security controls across all frameworks in your Vanta account. Returns control names, descriptions, framework mappings, and current implementation status. Use this to see all available controls or to find a specific control ID for use with other tools. |
get_control_tests |
Get all automated tests that validate a specific security control. Use this when you know a control ID and want to see which specific tests monitor compliance for that control. Returns test details, current status, and any failing entities for the control's tests. |
- Create OAuth credentials from Vanta's developer dashboard
- Save the
client_idandclient_secretto an env file:{ "client_id": "your_client_id_here", "client_secret": "your_client_secret_here" }
Note: Vanta currently allows only a single active access_token per Application. More info here
Add the server to your claude_desktop_config.json:
{
"mcpServers": {
"vanta": {
"command": "npx",
"args": ["-y", "@vantasdk/vanta-mcp-server"],
"env": {
"VANTA_ENV_FILE": "/absolute/path/to/your/vanta-credentials.env"
}
}
}
}If you are unfamiliar with setting up MCP servers in Claude Desktop, here is an example in the official MCP documentation.
Add the server to your Cursor MCP settings:
{
"mcpServers": {
"Vanta": {
"command": "npx",
"args": ["-y", "@vantasdk/vanta-mcp-server"],
"env": {
"VANTA_ENV_FILE": "/absolute/path/to/your/vanta-credentials.env"
}
}
}
}VANTA_ENV_FILE(required): Absolute path to the JSON file containing your OAuth credentialsREGION(optional): API region -us,eu, oraus(defaults tous)
npx @vantasdk/vanta-mcp-servernpm install -g @vantasdk/vanta-mcp-server
vanta-mcp-servergit clone https://github.com/VantaInc/vanta-mcp-server.git
cd vanta-mcp-server
npm install
npm run build
npm startTo build from source:
npm run buildThis will:
- Compile TypeScript to JavaScript
- Make the output executable
- Place built files in the
build/directory
Now you can configure Claude Desktop or Cursor to use the built executable:
{
"mcpServers": {
"Vanta": {
"command": "node",
"args": ["/absolute/path/to/vanta-mcp-server/build/index.js"],
"env": {
"VANTA_ENV_FILE": "/absolute/path/to/your/vanta-credentials.env"
}
}
}
}You can use the MCP Inspector to debug the server:
npx @modelcontextprotocol/inspector npx @vantasdk/vanta-mcp-serverThe inspector will open in your browser, allowing you to test tool calls and inspect the server's behavior.
{
"tool": "get_tests",
"arguments": {
"statusFilter": "NEEDS_ATTENTION",
"integrationFilter": "aws",
"frameworkFilter": "soc2",
"pageSize": 50
}
}This project is licensed under the terms of the MIT open source license. Please refer to LICENSE file for details.