Secureframe

Provides read-only access to Secureframe compliance data via MCP for querying controls, tests, and audit data.
  • python

4

GitHub Stars

python

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "secureframe-secureframe-mcp-server": {
      "command": "python",
      "args": [
        "/absolute/path/to/secureframe-mcp-server/main.py"
      ],
      "env": {
        "SECUREFRAME_API_KEY": "YOUR_API_KEY",
        "SECUREFRAME_API_URL": "https://api.secureframe.com",
        "SECUREFRAME_API_SECRET": "YOUR_API_SECRET"
      }
    }
  }
}

You can query Secureframe’s compliance data through a read-only MCP server that exposes security controls, tests, audit data, and vendor information across multiple frameworks. It’s designed for AI assistants and MCP clients to help you monitor and review your compliance posture without modifying any data.

How to use

Use an MCP client to connect to the Secureframe MCP Server via a local stdio-based setup. You’ll run a local Python process that talks to Secureframe’s API using your credentials. The server provides a family of read-only endpoints you can invoke from your MCP client to list controls, tests, users, devices, vendors, repositories, and more. Make sure your credentials are kept secure and never share them with untrusted tools. All actions are read-only, so no changes to your data will occur.

How to install

Follow these concrete steps to install and run the MCP server locally.

# Clone and setup
git clone https://github.com/secureframe/secureframe-mcp-server.git
cd secureframe-mcp-server

# Create virtual environment (recommended)
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Configure credentials
cp env.example .env
# Edit .env with your API credentials

Available tools

list_controls

List security controls across frameworks with filtering

list_tests

List compliance tests with pass/fail status

list_users

List personnel and their compliance status

list_devices

List managed devices and security compliance

list_user_accounts

List user accounts from integrations

list_tprm_vendors

List third-party risk management vendors

list_vendors

List vendors (legacy API)

list_frameworks

List available compliance frameworks

list_repositories

List code repositories and audit scope

list_integration_connections

List integration status and connections

list_repository_framework_scopes

List framework scopes for specific repositories

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational