Vanta MCP server
Inspect tests, controls, frameworks, and vulnerabilities across your Vanta tenant.
About
Connect Tracecat to Vanta to inspect tests, controls, and evidence. The integration is aimed at compliance leads and GRC engineers running SOC 2, ISO 27001, HIPAA, and PCI programs. You can pull failing tests and the underlying entities causing each failure for fast triage. From there, walk controls to their mapped frameworks, review evidence documents, and track vulnerabilities with precision.
Setup
1. Sign in with OAuth
   You'll authorize Tracecat to access Vanta on your behalf. No API keys to manage.
2. Select the Vanta tile in the Tracecat MCP catalog
   Open the MCP catalog in your workspace, select the Vanta tile, and complete the OAuth flow.
3. Enable Vanta in your agent
   In your ai.agent action or Agents → tools tab, select Vanta from the MCP integrations dropdown.
Tools
| Tool | Description |
| --- | --- |
| tests | Retrieve security and compliance tests filtered by status, integration, or framework. |
| list_test_entities | Get the resources monitored by a test, including failing entities. |
| controls | List security controls or fetch one by ID with framework mappings. |
| list_control_tests | Enumerate the automated tests that validate a specific control. |
| list_control_documents | List documents providing evidence for a control. |
| documents | List or retrieve compliance documents by ID. |
| frameworks | List compliance frameworks with completion metrics. |
| list_framework_controls | Retrieve the controls associated with a given framework. |
| vulnerabilities | List detected vulnerabilities or retrieve one by ID with CVE metadata. |
| integrations | List connected Vanta integrations and inspect their resource kinds. |