← Back to search

@vantasdk/vanta-mcp-server

VantaInc MIT 60 stars Scanned 48d ago

Model Context Protocol server for Vanta's security compliance platform

C
66.8 / 100

Versions

1.2.0 latest
May 26, 2026
PermissionsTool SafetyAuthAnnotationsCode QualityStabilitySpecVuln HistoryAuthorTransparencyCommunity

Tools 45

list_vulnerability_remediations
annotations: none low

List all vulnerability remediations in your Vanta account. Returns remediation IDs, vulnerability references, status, and progress for tracking security improvements. Use this to see all vulnerability remediation efforts and their current status.

limit number cursor string
integrations
annotations: none low

Access connected integrations in your Vanta account. Provide integrationId to get a specific integration, or omit to list all integrations. Returns integration details, supported resource kinds, and connection status for compliance monitoring.

integrationId string required
integration_resources
annotations: none low

Access integration resources including resource kinds, resource kind details, and specific resources. Specify operation to perform: 'list_kinds' for available resource types, 'get_kind_details' for schema information, 'list_resources' for all resources of a type, or 'get_resource' for specific resource details.

pageSize number required operation enum required pageCursor string resourceId string required resourceKind string required integrationId string required
policies
annotations: none low

Access policies in your Vanta account. Provide policyId to get a specific policy, or omit to list all policies. Returns policy IDs, names, and metadata for governance and compliance management.

policyId string required
list_vendor_risk_attributes
annotations: none low

List all vendor risk attributes in your Vanta account. Returns attribute IDs, names, categories, and risk scoring criteria for vendor risk assessment. Use this to see all available risk attributes for evaluating vendor relationships.

limit number cursor string
tests
annotations: none low

Access continuous monitoring tests in your Vanta account. Provide testId to get a specific test, or omit to list all tests. Returns test IDs, names, types, schedules, current status, and detailed configuration for compliance monitoring.

testId string required statusFilter string required frameworkFilter string integrationFilter string
list_test_entities
annotations: none low

List a test's entities. Get all entities (resources) that are being tested by a specific security test. Use this when you know a test ID and want to see which specific resources (servers, applications, databases, etc.) are being validated for compliance by that test.

limit number cursor string testId string required
vulnerabilities
annotations: none low

Access vulnerabilities in your Vanta account. Provide vulnerabilityId to get a specific vulnerability, or omit to list all vulnerabilities. Returns vulnerability details, severity levels, and status for security monitoring.

severity string required integrationId string vulnerabilityId string required slaDeadlineAfter string slaDeadlineBefore string externalVulnerabilityId string required
risks
annotations: none low

Access risk scenarios in your Vanta account. Provide riskId to get a specific risk scenario, or omit to list all risks with optional filtering and pagination. Returns risk details, impact assessments, and mitigation strategies for compliance reporting.

riskId string required categoryMatchesAny string reviewStatusMatchesAny array
frameworks
annotations: none low

Access compliance frameworks in your Vanta account. Provide frameworkId to get a specific framework, or omit to list all frameworks. Returns frameworks (SOC 2, ISO 27001, HIPAA, GDPR, etc.) with completion status and progress metrics.

frameworkId string required
list_framework_controls
annotations: none low

List framework's controls. Get detailed security control requirements for a specific compliance framework. Returns the specific controls, their descriptions, implementation guidance, and current compliance status.

limit number cursor string frameworkId string required
monitored_computers
annotations: none low

Access monitored computers in your Vanta account. Provide monitoredComputerId to get a specific computer, or omit to list all monitored computers. Returns computer details, compliance status, and security measures for device management.

monitoredComputerId string required
people
annotations: none low

Access people in your Vanta account. Provide personId to get a specific person, or omit to list all people. Returns person IDs, names, email addresses, and organizational information for identity and access management.

personId string required taskStatusMatchesAny array required
groups
annotations: none low

Access groups in your Vanta account. Provide groupId to get a specific group, or omit to list all groups. Returns group IDs, names, descriptions, and metadata for organizational structure and access management.

groupId string required
list_group_people
annotations: none low

List group's people. Get all people who are members of a specific group. Use this to see group membership and organizational structure.

limit number cursor string groupId string required
documents
annotations: none low

Access documents in your Vanta account. Provide documentId to get a specific document, or omit to list all documents. Returns document IDs, names, types, and metadata for compliance and evidence management.

documentId string required statusMatchesAny array frameworkMatchesAny array
document_resources
annotations: none low

Access document-related resources including controls, links (i.e. hyperlinks), and uploads. Specify resourceType to get the specific type of resource associated with a document. Use this to explore what controls are linked to a document, what external references exist, or what files are attached (including the download link for those files).

documentId string required resourceType enum required
download_document_file
annotations: none low

Download document file by upload ID. Get the actual uploaded document file. Intelligently handles different MIME types: returns text content for readable files (text/*, JSON, XML, CSV, JavaScript) and metadata information for binary files (images, videos, PDFs, etc.).

uploadedFileId string required
list_discovered_vendors
annotations: none low

List discovered vendors identified by Vanta's automated discovery. Returns vendor names, domains, discovery sources, and linkage status to managed vendor records.

limit number cursor string discoveredVendorId string required
list_discovered_vendor_accounts
annotations: none low

List accounts associated with a discovered vendor. Provide discoveredVendorId to retrieve account identifiers, connection details, and discovery metadata.

limit number cursor string discoveredVendorId string required
get_trust_center
annotations: none low

Get Trust Center information. Retrieve detailed information about a specific Trust Center including configuration, branding, and public visibility settings. Use this to access Trust Center details for compliance transparency and customer communication.

slugId string required
trust_center_access_requests
annotations: none low

Access Trust Center access requests. Provide accessRequestId to get a specific access request, or omit to list all access requests. Use this to manage and review Trust Center access requests including requester details, status, and approval workflow.

accessRequestId string required
list_trust_center_viewer_activity_events
annotations: none low

List Trust Center viewer activity events. Get all viewing and interaction events for a specific Trust Center to understand usage patterns and engagement. Use this for analytics and compliance tracking.

limit number cursor string slugId string required
trust_center_control_categories
annotations: none low

Access Trust Center control categories. Provide controlCategoryId to get a specific control category, or omit to list all categories. Use this to understand how compliance controls are organized and categorized for public display.

controlCategoryId string required
trust_center_controls
annotations: none low

Access Trust Center controls. Provide trustCenterControlId to get a specific control, or omit to list all controls. Use this to see compliance controls displayed publicly to demonstrate your compliance posture.

trustCenterControlId string required
trust_center_faqs
annotations: none low

Access Trust Center FAQs. Provide faqId to get a specific FAQ, or omit to list all FAQs. Use this to see frequently asked questions and answers published for customers regarding compliance and security practices.

faqId string required
list_trust_center_resources
annotations: none low

List Trust Center resources. Get all downloadable resources and documents available in a specific Trust Center. Use this to see what compliance materials are provided to customers and prospects.

limit number cursor string slugId string required
get_trust_center_document
annotations: none low

Get Trust Center document by ID. Retrieve detailed information about a specific document available in a Trust Center. Use this to access compliance certifications, policies, and other public-facing documentation.

slugId string required resourceId string required
get_trust_center_resource_media
annotations: none low

Download Trust Center document media. Get the actual uploaded document/media file for a Trust Center resource. Intelligently handles different MIME types: returns text content for readable files (text/*, JSON, XML, CSV, JavaScript) and metadata information for binary files (images, videos, PDFs, etc.). Use this to download compliance documents, certifications, and other materials for review or audit purposes.

slugId string required resourceId string required
trust_center_subprocessors
annotations: none low

Access Trust Center subprocessors. Provide subprocessorId to get a specific subprocessor, or omit to list all subprocessors. Use this to see third-party service providers and their compliance information for transparency.

subprocessorId string required
trust_center_updates
annotations: none low

Access Trust Center updates. Provide updateId to get a specific update, or omit to list all updates. Use this to see compliance status changes, security updates, and important notifications published in the Trust Center.

updateId string required
trust_center_viewers
annotations: none low

Access Trust Center viewers. Provide viewerId to get a specific viewer, or omit to list all viewers. Use this for access management and audit purposes to see who can view the Trust Center.

viewerId string required
get_trust_center_subscriber
annotations: none low

Get Trust Center subscriber by ID. Retrieve detailed information about a specific subscriber including subscription preferences and notification settings.

slugId string required subscriberId string required
trust_center_subscriber_groups
annotations: none low

Access Trust Center subscriber groups. Provide subscriberGroupId to get a specific subscriber group, or omit to list all subscriber groups. Use this for managing access permissions and organizing subscribers.

subscriberGroupId string required
list_trust_center_historical_access_requests
annotations: none low

List Trust Center historical access requests. Get all historical access requests for a specific Trust Center for auditing and compliance tracking. Use this to review past access patterns and requests.

limit number cursor string slugId string required
list_trust_center_subscribers
annotations: none low

List Trust Center subscribers. Get all subscribers for a specific Trust Center. Use this to manage notifications and communication with stakeholders.

limit number cursor string slugId string required
vendors
annotations: none low

Access vendors in your Vanta account. Provide vendorId to get a specific vendor, or omit to list all vendors. Returns vendor details, risk levels, and management status for third-party risk assessment.

vendorId string required
vendor_compliance
annotations: none low

Access vendor compliance data including documents, findings, and security reviews. Specify complianceType to get the specific type of compliance information for a vendor. Use this to explore vendor compliance documentation, security findings, and assessment history.

pageSize number required vendorId string required pageCursor string complianceType enum required
get_vendor_security_review
annotations: none low

Get vendor security review by ID. Retrieve detailed information about a specific security review for a vendor.

vendorId string required securityReviewId string required
list_vendor_security_review_documents
annotations: none low

List vendor security review's documents. Get all documents associated with a specific vendor security review.

pageSize number required vendorId string required pageCursor string securityReviewId string required
vulnerable_assets
annotations: none low

Access vulnerable assets in your Vanta account. Provide vulnerableAssetId to get a specific vulnerable asset, or omit to list all vulnerable assets. Returns asset details, vulnerability counts, and security status.

vulnerableAssetId string required
controls
annotations: none low

Access security controls in your Vanta account. Provide controlId to get a specific control, or omit to list all controls with optional framework filtering. Returns control names, descriptions, framework mappings, and implementation status.

controlId string required frameworkMatchesAny array
list_control_tests
annotations: none low

List control tests. Get all automated tests that validate a specific security control. Use this when you know a control ID and want to see which specific tests monitor compliance for that control.

limit number cursor string controlId string required
list_library_controls
annotations: none low

List Vanta controls from the library. These are pre-built security controls available in Vanta's control library that can be added to your account.

limit number cursor string controlId string required
list_control_documents
annotations: none low

List a control's documents. Get all documents that are associated with or provide evidence for a specific security control.

limit number cursor string controlId string required

Permissions 3

network medium
Server uses network capabilities via: fetch()
filesystem low
Server uses filesystem capabilities via: fs sync ops
env_vars low
Server uses env_vars capabilities via: process.env

Scan Findings 105

low
Permission: filesystem access detected permission_analyzer · 90%
info
package.json metadata manifest_parser · 100%
info
Tool: list_vulnerability_remediations manifest_parser · 90%
info
Tool: integrations manifest_parser · 90%
info
Tool: integration_resources manifest_parser · 90%
info
Tool: policies manifest_parser · 90%
info
Tool: list_vendor_risk_attributes manifest_parser · 90%
info
Tool: tests manifest_parser · 90%
info
Tool: list_test_entities manifest_parser · 90%
info
Tool: document_resources manifest_parser · 90%
info
Tool: vulnerabilities manifest_parser · 90%
info
Tool: risks manifest_parser · 90%
info
Tool: frameworks manifest_parser · 90%
info
Tool: list_framework_controls manifest_parser · 90%
info
Tool: monitored_computers manifest_parser · 90%
info
Tool: people manifest_parser · 90%
info
Tool: groups manifest_parser · 90%
info
Tool: list_group_people manifest_parser · 90%
info
Tool: documents manifest_parser · 90%
low
Tool 'risks' has no annotations annotation_checker · 100%
info
Tool: download_document_file manifest_parser · 90%
info
Tool: list_discovered_vendors manifest_parser · 90%
info
Tool: list_discovered_vendor_accounts manifest_parser · 90%
info
Tool: get_trust_center manifest_parser · 90%
info
Tool: trust_center_access_requests manifest_parser · 90%
info
Tool: list_trust_center_viewer_activity_events manifest_parser · 90%
info
Tool: trust_center_control_categories manifest_parser · 90%
info
Tool: trust_center_controls manifest_parser · 90%
info
Tool: trust_center_faqs manifest_parser · 90%
info
Tool: list_trust_center_resources manifest_parser · 90%
info
Tool: get_trust_center_document manifest_parser · 90%
info
Tool: get_trust_center_resource_media manifest_parser · 90%
info
Tool: trust_center_subprocessors manifest_parser · 90%
info
Tool: trust_center_updates manifest_parser · 90%
info
Tool: trust_center_viewers manifest_parser · 90%
info
Tool: get_trust_center_subscriber manifest_parser · 90%
info
Tool: trust_center_subscriber_groups manifest_parser · 90%
info
Tool: list_trust_center_historical_access_requests manifest_parser · 90%
info
Tool: list_trust_center_subscribers manifest_parser · 90%
info
Tool: vendors manifest_parser · 90%
info
Tool: vendor_compliance manifest_parser · 90%
info
Tool: get_vendor_security_review manifest_parser · 90%
info
Tool: list_vendor_security_review_documents manifest_parser · 90%
info
Tool: vulnerable_assets manifest_parser · 90%
info
Tool: controls manifest_parser · 90%
info
Tool: list_control_tests manifest_parser · 90%
info
Tool: list_library_controls manifest_parser · 90%
info
Tool: list_control_documents manifest_parser · 90%
info
Transport: stdio manifest_parser · 90%
info
Required env vars (2) manifest_parser · 80%
low
Tool 'list_vulnerability_remediations' has no annotations annotation_checker · 100%
low
Tool 'integrations' has no annotations annotation_checker · 100%
low
Tool 'integration_resources' has no annotations annotation_checker · 100%
low
Tool 'policies' has no annotations annotation_checker · 100%
low
Tool 'list_vendor_risk_attributes' has no annotations annotation_checker · 100%
low
Tool 'tests' has no annotations annotation_checker · 100%
low
Tool 'list_test_entities' has no annotations annotation_checker · 100%
low
Tool 'vulnerabilities' has no annotations annotation_checker · 100%
low
Tool 'frameworks' has no annotations annotation_checker · 100%
low
Tool 'list_framework_controls' has no annotations annotation_checker · 100%
low
Tool 'monitored_computers' has no annotations annotation_checker · 100%
low
Tool 'people' has no annotations annotation_checker · 100%
low
Tool 'groups' has no annotations annotation_checker · 100%
low
Tool 'list_group_people' has no annotations annotation_checker · 100%
low
Tool 'documents' has no annotations annotation_checker · 100%
low
Tool 'document_resources' has no annotations annotation_checker · 100%
low
Tool 'download_document_file' has no annotations annotation_checker · 100%
low
Tool 'list_discovered_vendors' has no annotations annotation_checker · 100%
low
Tool 'list_discovered_vendor_accounts' has no annotations annotation_checker · 100%
low
Tool 'get_trust_center' has no annotations annotation_checker · 100%
low
Tool 'trust_center_access_requests' has no annotations annotation_checker · 100%
low
Tool 'list_trust_center_viewer_activity_events' has no annotations annotation_checker · 100%
low
Tool 'trust_center_control_categories' has no annotations annotation_checker · 100%
low
Tool 'trust_center_controls' has no annotations annotation_checker · 100%
low
Tool 'trust_center_faqs' has no annotations annotation_checker · 100%
low
Tool 'list_trust_center_resources' has no annotations annotation_checker · 100%
low
Tool 'get_trust_center_document' has no annotations annotation_checker · 100%
low
Tool 'get_trust_center_resource_media' has no annotations annotation_checker · 100%
low
Tool 'trust_center_subprocessors' has no annotations annotation_checker · 100%
low
Tool 'trust_center_updates' has no annotations annotation_checker · 100%
low
Tool 'trust_center_viewers' has no annotations annotation_checker · 100%
low
Tool 'get_trust_center_subscriber' has no annotations annotation_checker · 100%
low
Tool 'trust_center_subscriber_groups' has no annotations annotation_checker · 100%
low
Tool 'list_trust_center_historical_access_requests' has no annotations annotation_checker · 100%
low
Tool 'list_trust_center_subscribers' has no annotations annotation_checker · 100%
low
Tool 'vendors' has no annotations annotation_checker · 100%
low
Tool 'vendor_compliance' has no annotations annotation_checker · 100%
low
Tool 'get_vendor_security_review' has no annotations annotation_checker · 100%
low
Tool 'list_vendor_security_review_documents' has no annotations annotation_checker · 100%
low
Tool 'vulnerable_assets' has no annotations annotation_checker · 100%
low
Tool 'controls' has no annotations annotation_checker · 100%
low
Tool 'list_control_tests' has no annotations annotation_checker · 100%
low
Tool 'list_library_controls' has no annotations annotation_checker · 100%
low
Tool 'list_control_documents' has no annotations annotation_checker · 100%
medium
OAuth implementation without PKCE auth_checker · 75%
medium
Permission: network access detected permission_analyzer · 70%
low
Permission: env_vars access detected permission_analyzer · 90%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.6.0 (GHSA-8r9q-7v3j-jr4g) dependency_analyzer · 95%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.6.0 (GHSA-w48q-cv73-mx4w) dependency_analyzer · 95%
medium
Vulnerable dependency: zod@3 (GHSA-m95q-7qp3-xv42) dependency_analyzer · 95%
high
Generic API Key Assignment found in VantaInc-vanta-mcp-server-1a83467/src/eval/README.md secret_scanner · 75%
medium
No build provenance detected (SLSA L0) slsa_assessor · 90%
info
Could not connect to MCP server for output poisoning scan output_poisoning · 100%
info
Could not connect to MCP server for behavioral verification behavioral_verifier · 100%
info
SBOM generated: 224 components sbom_generator · 100%