vanta-mcp-plugin

claude-plugins-official

security | Claude Code | by Vanta

Summary

The Vanta plugin connects Claude Code to Vanta's security and compliance platform through the Vanta MCP server. It combines Vanta's test-specific remediation intelligence with your local repository context to help you fix compliance failures faster.

Install to Claude Code

/plugin install vanta-mcp-plugin@claude-plugins-official

Run in Claude Code. Add the marketplace first with /plugin marketplace add anthropics/claude-plugins-official if you haven't already.

README.md

Vanta Plugin for Claude Code

This repository provides an official Claude Code plugin that connects Claude to the Vanta MCP Server, giving you access to Vanta's security and compliance tools directly inside your Claude Code sessions.

> [!NOTE]
> Vanta's remote MCP server is currently in beta and released to all customers. Before connecting, confirm the following:
>
> Vanta role: You must be a Vanta Admin. The MCP server is not currently accessible to non-Admin users. Access for non-admin users is coming soon.

---

Features

Vanta MCP Server

Claude Code automatically connects to Vanta's hosted MCP server for your region:

```
# US
https://mcp.vanta.com/mcp

# EU
https://mcp.eu.vanta.com/mcp

# Aus
https://mcp.aus.vanta.com/mcp
```

This gives Claude tools to:

  • Remediate failing tests — list failing compliance tests, inspect which entities are out of scope, and get the context needed to fix them
  • Manage controls — browse controls and their framework mappings, list associated tests, and access linked evidence documents
  • Assess vendor risk — review vendors, run security assessments, manage risk attributes, and track compliance documentation
  • Track vulnerabilities — surface vulnerable assets and monitor remediation progress
  • Govern policies — list, download, and upload policy documents across your compliance program
  • Analyze compliance gaps — enumerate framework requirements and identify coverage gaps across SOC 2, ISO 27001, and more

Slash Commands

| Command | Description |
| --- | --- |
| `/vanta:fix-test <test-id or URL>` | Fix a failing test by generating IaC changes and opening a PR |
| `/vanta:list-tests` | Show failing tests prioritized by what you can fix from this repo |

---

Installation (Claude Code)

1. Update the official marketplace

/plugin marketplace update anthropics/claude-plugins-official

This ensures you have the latest plugin listings from the official Claude Code marketplace.

2. Install the plugin

/plugin install vanta-mcp-plugin@claude-plugins-official

3. Reload plugins

/reload-plugins

This loads the plugin and starts the MCP server without restarting Claude Code.

4. Authenticate

In Claude Code, run /mcp and select vanta-* for your region. A browser window will open in your Vanta app — click Allow to complete OAuth authorization.

Manual Setup

For detailed setup instructions across Claude Code, Cursor, and Perplexity, see the Connecting to Vanta MCP guide.

Authentication

All integrations use OAuth against the MCP server. No API keys or tokens to manage.

License

This project is licensed under the terms of the MIT open source license. Please refer to the LICENSE file for details.
