
Vanta MCP Server

Provides access to Vanta compliance data and actions via MCP tools for tests, controls, documents, frameworks, people, risks, and vulnerabilities.

Installation
Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "vantainc-vanta-mcp-server": {
      "command": "npx",
      "args": [
        "-y",
        "@vantasdk/vanta-mcp-server"
      ],
      "env": {
        "REGION": "us",
        "VANTA_ENV_FILE": "YOUR_PATH_TO_VANTA_CREDENTIALS.env"
      }
    }
  }
}

You can use this MCP server to interact with Vanta’s compliance platform, enabling you to retrieve test results, manage findings, review framework requirements, and access documents and integrations from your AI assistant or client. This makes it practical to automate and streamline your security and compliance workflows.

How to use

Connect your MCP client to the Vanta MCP server using the stdio configuration shown below. Once connected, you can list controls, fetch tests that validate each control, inspect evidence documents, view frameworks, and review people, risks, and vulnerabilities. Use the available tools to query for specific items or to enumerate all items in a category.

Typical usage patterns include:
- List all security controls or fetch a control by ID to review its description and framework mapping.
- Enumerate automated tests that validate a control and see which entities failed.
- Retrieve documents or resources that provide evidence for a control.
- Inspect frameworks to see required controls and implementation guidance.
- List people, risks, and vulnerabilities to manage compliance reviews and remediation plans.

How to install

Prerequisites: Node.js and npm (with npx available) on your machine. The commands below install and start the MCP server, either via the prebuilt package or from source.

# Prerequisites
node -v
npm -v

# Install (NPX recommended)
npx @vantasdk/vanta-mcp-server

# If you prefer a local build, install dependencies and build
# from source (options described in the guide):
git clone https://github.com/VantaInc/vanta-mcp-server.git
cd vanta-mcp-server
npm install
npm run build
npm start

Configuration and environment

Set up OAuth credentials and provide them to the MCP server via environment configuration. The credentials live in a JSON file containing your OAuth client_id and client_secret (the examples on this page name it with a .env extension), and you pass the path to this file through the VANTA_ENV_FILE environment variable when starting the server.

The following configuration block shows two example client entries that start the MCP server with the credentials path set.

{
  "mcpServers": {
    "vanta": {
      "command": "npx",
      "args": ["-y", "@vantasdk/vanta-mcp-server"],
      "env": {
        "VANTA_ENV_FILE": "/absolute/path/to/your/vanta-credentials.env"
      }
    },
    "VantaCursor": {
      "command": "npx",
      "args": ["-y", "@vantasdk/vanta-mcp-server"],
      "env": {
        "VANTA_ENV_FILE": "/absolute/path/to/your/vanta-credentials.env"
      }
    }
  }
}

Environment variables and regions

The server uses environment variables to control credentials and region settings. The key variable shown is VANTA_ENV_FILE, which should contain the path to your JSON file with OAuth credentials. The REGION variable is optional and can specify us, eu, or aus to select the API region.
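
Because VANTA_ENV_FILE points at a file holding an OAuth client_secret, it is worth checking each client entry before the first launch. The following is an added example, not code from this page or from the Vanta project: `auditVantaMcpConfig` and `demo` are hypothetical names, the 600 file-mode threshold and the absolute-path check are assumptions of this example, and the credentials in the demo are constructed placeholders.

```javascript
// Added example (not Vanta's code): audit MCP client entries before first use.
const fs = require("fs");
const os = require("os");
const path = require("path");
const PACKAGE = "@vantasdk/vanta-mcp-server";
const REGIONS = ["us", "eu", "aus"]; // region values listed on this page

// Returns [{ server, issue }]; an empty array means every Vanta entry passed.
function auditVantaMcpConfig(config) {
  const findings = [];
  for (const [server, entry] of Object.entries(config.mcpServers || {})) {
    if (!(entry.args || []).some((a) => String(a).startsWith(PACKAGE))) continue;
    const add = (issue) => findings.push({ server, issue });
    const env = entry.env || {};
    if ("REGION" in env && !REGIONS.includes(env.REGION)) add(`REGION "${env.REGION}" is not us, eu or aus`);
    const file = env.VANTA_ENV_FILE;
    if (!file) { add("VANTA_ENV_FILE is not set"); continue; }
    // Assumption: a relative path would depend on the client's working directory.
    if (!path.isAbsolute(file)) add("VANTA_ENV_FILE is not an absolute path");
    let stat, creds;
    try {
      stat = fs.statSync(file);
      creds = JSON.parse(fs.readFileSync(file, "utf8"));
    } catch (err) {
      add(`credentials file unreadable or not JSON: ${err.code || err.name}`);
      continue;
    }
    for (const key of ["client_id", "client_secret"]) {
      const value = creds && typeof creds === "object" ? creds[key] : undefined;
      if (typeof value !== "string" || !value.trim()) add(`credentials file has no non-empty "${key}"`);
    }
    // POSIX only: the client_secret must not be readable by group or others.
    if (process.platform !== "win32" && (stat.mode & 0o077) !== 0) {
      add(`credentials file mode ${(stat.mode & 0o777).toString(8)} is wider than 600`);
    }
  }
  return findings;
}

// Constructed demo: placeholder credentials, world-readable file, invalid region.
function demo() {
  const file = path.join(fs.mkdtempSync(path.join(os.tmpdir(), "vanta-")), "creds.env");
  fs.writeFileSync(file, '{"client_id":"EXAMPLE_ID","client_secret":"EXAMPLE_SECRET"}');
  fs.chmodSync(file, 0o644);
  const env = { REGION: "apac", VANTA_ENV_FILE: file };
  return auditVantaMcpConfig({ mcpServers: { vanta: { command: "npx", args: ["-y", PACKAGE], env } } });
}
console.log(demo());
```

To audit a real client configuration, parse its JSON file and pass the resulting object to `auditVantaMcpConfig`.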

Available tools

tests

Retrieve Vanta's automated security and compliance tests. Filter by status, integration, or framework to understand pass/fail posture.

list_test_entities

Get the resources monitored by a specific security test, including failing entities that require remediation.

controls

List security controls in your Vanta account or retrieve a specific control by ID with framework mapping details.

list_control_tests

Enumerate automated tests that validate a specific control, complete with status and failing entity information.

list_control_documents

List documents mapped to a control to locate supporting evidence quickly.

documents

List compliance documents or fetch details for a specific document, including metadata.

document_resources

Retrieve resources linked to a document (controls, links, uploads) by choosing the desired resource type.

integrations

List integrations connected to your Vanta account or fetch details for a specific integration, including resource kinds and connection status.

integration_resources

Inspect integration resource kinds, schema information, full resource lists, or a specific resource by selecting from the supported operations.

frameworks

List compliance frameworks with completion status and progress metrics for each.

list_framework_controls

Retrieve the controls associated with a compliance framework, including descriptions and implementation guidance.

people

List people across your organization or look up a specific person by ID with role, email, and group membership metadata.

risks

List risk scenarios under management or fetch a specific scenario to review status, scoring, and treatment plans.

vulnerabilities

List detected vulnerabilities or retrieve a specific item with CVE metadata, severity, and impacted assets.