Default
Vanta
API integration
Ship Default features without building the integration. Full Vanta API access via Proxy, normalized data through Unified APIs, and 180+ MCP-ready tools for AI agents — all extensible to your exact use case.
Talk to usUse Cases
Why integrate with Vanta
Common scenarios for SaaS companies building Vanta integrations for their customers.
Push vulnerability scan results into Vanta for automated SLA tracking
Security scanning platforms can sync discovered package vulnerabilities, static code issues, endpoint vulnerabilities, and secrets directly into Vanta using bulk sync endpoints. This lets mutual customers track remediation SLAs natively in Vanta without manual imports.
Sync employee identity and access data for continuous compliance monitoring
HR platforms and IAM tools can push user accounts, group memberships, background check statuses, and security training completions into Vanta. This automates SOC 2 and ISO 27001 controls around onboarding, offboarding, and access reviews without CSV exports or screenshots.
Automate device compliance reporting from endpoint management tools
MDM and endpoint security platforms can sync macOS and Windows computer states into Vanta, enabling continuous verification of disk encryption, screen lock policies, and antivirus presence across the fleet.
Export failing tests and vulnerabilities into external ticketing systems
ITSM and project management tools can pull Vanta test results, failing test entities, and open vulnerabilities to auto-generate engineering tickets, keeping remediation workflows in the tools developers already use.
Programmatically manage Trust Center access for sales enablement
CRM and deal-room platforms can approve or deny Trust Center access requests, manage viewers and subscribers, and publish updates — letting sales teams share compliance documentation with prospects without leaving their workflow.
What You Can Build
Ship these features with Truto + Vanta
Concrete product features your team can ship faster by leveraging Truto’s Vanta integration instead of building from scratch.
Real-time vulnerability sync pipeline
Automatically push package vulnerabilities, endpoint vulnerabilities, static code findings, and leaked secrets into Vanta via sync_all endpoints so remediation SLAs start tracking the moment an issue is detected.
Automated employee compliance lifecycle
Sync user accounts, background check results, security training statuses, and group memberships into Vanta so that hiring, training completion, and offboarding events are reflected in compliance controls instantly.
Bidirectional control and evidence management
Create, update, and delete controls, attach control documents, link tests to controls, and upload audit evidence programmatically — turning your product into a compliance evidence source Vanta auditors can trust.
Trust Center self-service portal
Build a branded interface where prospects request access, get auto-approved or denied via the API, and browse FAQs, subprocessors, control categories, and downloadable resources — all managed from your product.
Vendor risk and third-party management dashboard
Create vendors, attach vendor documents, manage security reviews, log vendor findings, and convert discovered vendors into managed vendors — giving your users a single pane for third-party risk inside your app.
Fleet compliance monitoring for endpoint managers
Sync macOS and Windows computer inventories into Vanta's monitored computers list so that device encryption, OS patching, and agent installation status are continuously validated against compliance frameworks.
SuperAI
Vanta AI agent tools
Comprehensive AI agent toolset with fine-grained control. Integrates with MCP clients like Cursor and Claude, or frameworks like LangChain.
list_all_vanta_controls
List controls in Vanta. Returns id, externalId, name, description, source, domains, owner, role, and customFields for each control.
get_single_vanta_control_by_id
Get a control in Vanta by id. Returns fields such as id, externalId, name, description, source, domains, owner, customFields, numDocumentsPassing, numDocumentsTotal, numTestsPassing, numTestsTotal, status, role, and note.
create_a_vanta_control
Create a custom control in Vanta. Requires externalId, name, description, effectiveDate, and domain as parameters. Returns id, externalId, name, description, source, domains, owner, role, and customFields, which include information about the newly created control.
update_a_vanta_control_by_id
Update a control's metadata in Vanta using id. Returns id (control's unique ID), externalId (external control ID), name, description, source, domains, owner, role, and customFields in the response.
delete_a_vanta_control_by_id
Delete a specific control in Vanta using id. No content is returned in the response when the control is successfully removed.
vanta_controls_set_owner
Set owner for a specific control in Vanta using id. Returns id, externalId, name, description, source, domains, owner, role, and customFields in the response.
vanta_controls_add_from_library
Add a control from the Vanta library to your organization's controls in Vanta. Requires controlId. Returns id, externalId, name, description, source, domains, owner, role, and customFields of the new control in the response.
list_all_vanta_control_documents
List documents for a specific control in Vanta. Requires id. Returns id, ownerId, category, isSensitive, title, uploadStatus, uploadStatusDate, and url for each document.
delete_a_vanta_control_document_by_id
Remove a document from a control in Vanta. Requires control_id and id. Returns no content if successful.
create_a_vanta_control_document
Add a document to a control in Vanta. Requires id (as controlId) and documentId. Returns document fields including id, ownerId, category, isSensitive, title, uploadStatus, uploadStatusDate, and url.
list_all_vanta_control_tests
List tests for a specific control in Vanta. Requires id. Returns fields: id, name, lastTestRunDate, latestFlipDate, description, failureDescription, remediationDescription, version, category, integrations, status, deactivatedStatusInfo, remediationStatusInfo, owner.
delete_a_vanta_control_test_by_id
Remove a control-test mapping in Vanta. Requires control_id and id. Returns no content in the response.
create_a_vanta_control_test
Add a test to a control in Vanta. Requires id for the control and testId in the body. Returns test fields (id, name, lastTestRunDate, description, status, owner) and control fields (id, name, description, source, domains, owner) in the response.
list_all_vanta_documents
List documents in Vanta. Returns id, ownerId, category, isSensitive, title, uploadStatus, uploadStatusDate, and url for each document.
get_single_vanta_document_by_id
Get a document in Vanta by id. Returns fields such as id, ownerId, category, isSensitive, title, uploadStatus, uploadStatusDate, url, description, deactivatedStatus, note, nextRenewalDate, renewalCadence, reminderWindow, and subscribers.
delete_a_vanta_document_by_id
Delete a document by id in Vanta. Returns no content on success. Requires id.
create_a_vanta_document
Create a custom document in Vanta. Requires title, description, timeSensitivity, cadence, reminderWindow, and isSensitive. Returns id, ownerId, category, isSensitive, title, uploadStatus, uploadStatusDate, and url in the response.
vanta_documents_submit
Submit a document collection in Vanta. Requires id. Returns a 204 status on success with no content.
list_all_vanta_document_files
List uploaded files for a document in Vanta. Requires id. Returns id, fileName, title, description, mimeType, uploadedBy, creationDate, updatedDate, deletionDate, effectiveDate, and url for each uploaded file.
vanta_document_files_download
Download a specific document-file in Vanta by document_id and id. The response returns the 'readable' field indicating if the file stream can be read.
create_a_vanta_document_file
Upload a file for a document in Vanta. Requires id. Returns id, fileName, title, description, mimeType, uploadedBy, creationDate, updatedDate, deletionDate, effectiveDate, and url for the uploaded document.
delete_a_vanta_document_file_by_id
Delete a document-file in Vanta. Requires document_id and id. No content is returned in the response.
list_all_vanta_frameworks
List frameworks in Vanta. Returns fields: id, displayName, shorthandName, description, numControlsCompleted, numControlsTotal, numDocumentsPassing, numDocumentsTotal, numTestsPassing, numTestsTotal for each framework.
get_single_vanta_framework_by_id
Get details about a specific framework in Vanta using id. Returns fields such as id, displayName, shorthandName, description, numControlsCompleted, numControlsTotal, numDocumentsPassing, numDocumentsTotal, numTestsPassing, numTestsTotal, and requirementCategories where requirementCategories include id, name, shorthand, and requirements with their controls.
list_all_vanta_framework_controls
List controls for a specific framework in Vanta. Requires framework_id. Returns id, externalId, name, description, source, domains, owner, role, and customFields for each control.
list_all_vanta_groups
List groups in Vanta. Returns id, name, and creationDate fields for each group.
get_single_vanta_group_by_id
Get group details by id in Vanta. Returns id, name, and creationDate fields in the response.
create_a_vanta_group_person
Add people to a group in Vanta. Requires id. Returns an array of results for each person, including id, status ('SUCCESS' or 'ERROR'), and an error message if applicable.
delete_a_vanta_group_person_by_id
Remove people from a group in Vanta. Requires id. Returns the results array with each person's id, status (either SUCCESS or ERROR), and an optional error message per person.
list_all_vanta_group_people
List people in a group in Vanta. Requires group_id. Returns id, emailAddress, employment status and dates, leaveInfo, groupIds, name, sources of information, and detailed tasksSummary for each person.
list_all_vanta_integrations
List all integrations connected to a Vanta instance. Returns integrationId, displayName, resourceKinds, and details about installed connections including connectionId, isDisabled status, and connectionErrorMessage.
get_single_vanta_integration_by_id
Get details of a specific integration in Vanta. Requires id. Returns integrationId, displayName, resourceKinds (resource types ingested), and connections (connectionId, isDisabled, connectionErrorMessage) in the response.
list_all_vanta_integration_resource_kinds
List integration resource kinds in Vanta for a specific integration_id. Returns integrationId (the integration identifier), resourceKind (resource type), isScopable (audit scoping eligibility), canUpdateDescription, and canUpdateOwner for each kind.
get_single_vanta_integration_resource_kind_by_id
Get details for a specific integration-resource-kinds in Vanta. Requires integration_id and id. Returns integrationId, resourceKind, isScopable, canUpdateDescription, canUpdateOwner, numResources, numInScope, numOwned, numWithDescription.
list_all_vanta_resources
List resources for a specific integration and resourceKind in Vanta. Requires integration_id and resource_kind. Returns fields including responseType, resourceKind, resourceId, displayName, owner, inScope, creationDate, and more.
get_single_vanta_resource_by_id
Get detailed information about a specific resource in Vanta using integration_id, resource_kind, and id. Returns key fields such as responseType, resourceKind, resourceId, connectionId, displayName, owner, inScope, description, creationDate, and additional resource-specific fields.
update_a_vanta_resource_by_id
Update metadata for a specific resource in Vanta. Requires integration_id, resource_kind, and id. Returns no content on success.
vanta_resources_update_many
Update metadata for multiple resources in Vanta. Requires integration_id and resource_kind. Returns results array with id, status (SUCCESS or ERROR), and error message for each resource updated.
list_all_vanta_monitored_computers
List monitored computers in Vanta. Returns id, integrationId, lastCheckDate, screenlock, diskEncryption, passwordManager, antivirusInstallation, operatingSystem, owner, serialNumber, and udid fields for each computer.
get_single_vanta_monitored_computer_by_id
Get a monitored computer in Vanta by id. Requires id. Returns id, integrationId, lastCheckDate, screenlock, diskEncryption, passwordManager, antivirusInstallation, operatingSystem, owner, serialNumber, and udid fields in the response.
list_all_vanta_people
List people in Vanta. Returns id, emailAddress, employment (status, startDate, jobTitle, endDate), leaveInfo, groupIds, name, sources, and tasksSummary (status, dueDate, completionDate, details) for each person.
get_single_vanta_person_by_id
Get person in Vanta using id. Returns fields including id, emailAddress, employment (status, startDate, jobTitle, endDate), leaveInfo, groupIds, name, sources, and tasksSummary.
update_a_vanta_person_by_id
Update a person's metadata in Vanta using id. Returns id, emailAddress, employment details, leaveInfo, groupIds, name, sources, and tasksSummary in the response.
delete_a_vanta_person_by_id
Offboard a list of people in Vanta. Requires each update to include acknowledgerId and id. Returns results array with each person's id, status (SUCCESS or ERROR), and error message if applicable. Eligibility depends on ex-employee status, monitored accounts deactivated, and all custom offboarding tasks completed. Unmonitored accounts are marked deactivated. Offboarding fails if unfinished tasks remain.
vanta_people_mark_as_not
Mark a set of accounts as 'not a person' in Vanta by providing the required updates array with id and reason. Returns the id, status, and, if any error occurs, the message for each account processed.
vanta_people_mark_as
Mark a set of accounts as people in Vanta. Requires updates. Returns for each id: status indicating SUCCESS or ERROR, and message on error.
vanta_people_clear_leave
Remove leave information for a specific person in Vanta using id. Returns fields including id, emailAddress, employment details, leaveInfo, groupIds, name, sources, and tasksSummary.
vanta_people_set_leave
Set leave information for a person in Vanta. Requires id, startDate, and endDate (nullable). Response returns id, emailAddress, employment, leaveInfo, groupIds, name, sources, and tasksSummary. Existing leaveInfo will be replaced.
get_single_vanta_trust_center_by_id
Get a Trust Center in Vanta by id. Requires id. Returns id, title, companyDescription, privacyPolicy, customDomain, isPublic, bannerSetting, customTheme, creationDate, and updatedDate fields in the response.
update_a_vanta_trust_center_by_id
Update a Trust Center in Vanta using id. Returns id, title, companyDescription, privacyPolicy, customDomain, isPublic, bannerSetting, customTheme, creationDate, and updatedDate fields in the response.
list_all_vanta_trust_center_documents
Use this endpoint to retrieve a list of documents published in a specific Trust Center. These documents typically include security policies, compliance reports, certifications, and other trust-related resources shared by an organization.
list_all_vanta_controls_library
List controls-library resources in Vanta. Returns id, externalId, name, description, source, domains, owner, role, and customFields for each control.
list_all_vanta_discovered_vendors
List discovered vendors in Vanta. Returns for each vendor: id, name, normalizedName, category, source, discoveredDate, numberOfAccounts, ignored, and rejected fields.
vanta_discovered_vendors_managed_vendor
Add a discovered vendor to managed vendor in Vanta. Requires id. Returns key fields: id (unique vendor ID), name, websiteUrl, accountManagerName, servicesProvided, additionalNotes, securityOwnerUserId, status, inherentRiskLevel, residualRiskLevel, contract dates, contractAmount, authentication details, and riskAttributeIds in the response.
list_all_vanta_discovered_vendor_accounts
List discovered vendor accounts in Vanta for a given discovered_vendor_id. Returns id, displayName, type, and for COMPUTER type, also owner details (id, email, displayName, type) in the response.
list_all_vanta_document_controls
List controls associated with a document in Vanta. Requires id. Returns fields: id, externalId, name, description, source, domains, owner, role, and customFields for each control.
list_all_vanta_document_links
List uploaded links for a specific document in Vanta. Requires id. Returns id, creationDate, effectiveDate, title, url, and description for each link in the response.
create_a_vanta_document_link
Create document link in Vanta for a specific document using id. Returns id, creationDate, effectiveDate, title, url, and description for the created link.
delete_a_vanta_document_link_by_id
Delete a specific document link in Vanta. Requires document_id and id. No content is returned in the response.
create_a_vanta_document_owner
Set the owner of a document in Vanta. Requires id. Returns id, ownerId, category, isSensitive, title, uploadStatus, uploadStatusDate, and url for the document in the response.
list_all_vanta_policies
List policies in Vanta. Returns id, name, description, status, approvedAtDate, and latestVersion.status for each policy.
get_single_vanta_policy_by_id
Get a policy in Vanta by id. Returns id, name, description, status, approvedAtDate, and latestVersion fields in the response. Policy ids can be found in Vanta in the URL bar after /policies/.
list_all_vanta_risk_scenarios
List risk scenarios in Vanta. Returns riskId, description, isSensitive, likelihood, impact, residualLikelihood, residualImpact, categories, ciaCategories, treatment, owner, note, customFields, isArchived, and reviewStatus for each scenario.
get_single_vanta_risk_scenario_by_id
Get a risk scenario in Vanta using id. Returns riskId, description, isSensitive, likelihood, impact, residualLikelihood, residualImpact, categories, ciaCategories, treatment, owner, note, customFields, isArchived, and reviewStatus.
create_a_vanta_risk_scenario
Create a risk scenario in Vanta. Requires description. Returns riskId, description, isSensitive, likelihood, impact, residualLikelihood, residualImpact, categories, ciaCategories, treatment, owner, note, customFields, isArchived, and reviewStatus.
update_a_vanta_risk_scenario_by_id
Update a risk scenario in Vanta. Requires id. Returns riskId, description, isSensitive, likelihood, impact, residualLikelihood, residualImpact, categories, ciaCategories, treatment, owner, note, customFields, isArchived, and reviewStatus fields in the response.
list_all_vanta_tests
List tests in Vanta. Returns fields such as id, name, lastTestRunDate, latestFlipDate, description, failureDescription, remediationDescription, version, category, integrations, status, deactivatedStatusInfo, remediationStatusInfo, and owner in the response.
get_single_vanta_test_by_id
Get a test by id in Vanta. Requires id. Returns id for the test, name, lastTestRunDate, latestFlipDate, description, failureDescription, remediationDescription, version, category, integrations, status, deactivatedStatusInfo, remediationStatusInfo, and owner.
list_all_vanta_test_entities
List test entities in Vanta for a specific test_id. Returns id, entityStatus, displayName, responseType, deactivatedReason, lastUpdatedDate, and createdDate fields for each entity in the response.
vanta_test_entities_deactivate
Deactivate a specific test-entity in Vanta. Requires test_id and id. Returns deactivation request acceptance status. There may be a delay until the next test run.
vanta_test_entities_reactivate
Reactivate a test-entity in Vanta. Requires test_id and id. Returns confirmation that the reactivation request has been accepted. Reactivation may be delayed until the next test run.
list_all_vanta_vendor_risk_attributes
List vendor risk attributes in Vanta. Returns id, name, description, vendorCategories, enabled, and riskLevel fields for each risk attribute in the response.
list_all_vanta_vulnerabilities
List vulnerabilities in Vanta. Returns id, name, description, integrationId, packageIdentifier, vulnerabilityType, targetId, severity, scores, dates, fixability, relatedVulns, relatedUrls, externalURL, scanSource, and deactivateMetadata fields.
get_single_vanta_vulnerability_by_id
Get a vulnerability in Vanta by id. Returns id, name, description, integrationId, packageIdentifier, vulnerabilityType, targetId, firstDetectedDate, sourceDetectedDate, lastDetectedDate, severity, cvssSeverityScore, scannerScore, isFixable, remediateByDate, relatedVulns, relatedUrls, externalURL, scanSource, deactivateMetadata fields in the response.
vanta_vulnerability_monitoring_reactivate
Reactivate vulnerability monitoring in Vanta for specified vulnerabilities by providing their id values. Returns id, status (SUCCESS or ERROR), and message (if ERROR) for each processed vulnerability in the response.
vanta_vulnerability_monitoring_deactivate
Deactivate vulnerability monitoring in Vanta. Requires updates with id, deactivateReason, and shouldReactivateWhenFixable. Returns results for each id with status and, if an error occurs, a message.
list_all_vanta_vulnerability_remediations
List vulnerability remediations in Vanta. Returns id, vulnerabilityId, vulnerableAssetId, severity, detectedDate, slaDeadlineDate, and remediationDate for each remediation.
create_a_vanta_sla_miss_acknowledgment
Acknowledge SLA miss for vulnerability remediation in Vanta. Requires updates with id and slaViolationComment. Returns results array with id, status (SUCCESS or ERROR), and message for errors.
list_all_vanta_vulnerabilities_assets
List assets associated with vulnerabilities in Vanta. Returns id, name, assetType, hasBeenScanned, imageScanTag, and scanners fields for each asset.
get_single_vanta_vulnerabilities_asset_by_id
Get vulnerable asset in Vanta by id. Returns id, name, assetType, hasBeenScanned, imageScanTag, and scanners (with integration and asset details) in the response.
list_all_vanta_vendors
List vendors in Vanta. Returns key fields such as id, name, websiteUrl, accountManagerName, accountManagerEmail, servicesProvided, status, risk levels, contract dates, authDetails, headquarters, contractAmount, category, and customFields.
get_single_vanta_vendor_by_id
Get vendor in Vanta by id. Returns id, name, websiteUrl, accountManagerName, accountManagerEmail, servicesProvided, additionalNotes, securityOwnerUserId, businessOwnerUserId, contract dates, isVisibleToAuditors, isRiskAutoScored, riskAttributeIds, category, authDetails, status, risk levels, vendorHeadquarters, contractAmount, and customFields in the response.
create_a_vanta_vendor
Create a vendor in Vanta. Returns id, name, websiteUrl, accountManagerName, accountManagerEmail, servicesProvided, additionalNotes, securityOwnerUserId, businessOwnerUserId, contractStartDate, contractRenewalDate, contractTerminationDate, nextSecurityReviewDueDate, lastSecurityReviewCompletionDate, isVisibleToAuditors, isRiskAutoScored, riskAttributeIds, category, authDetails, status, inherentRiskLevel, residualRiskLevel, vendorHeadquarters, contractAmount, customFields in the response.
update_a_vanta_vendor_by_id
Update a vendor in Vanta by id. Returns id, name, websiteUrl, accountManagerName, accountManagerEmail, servicesProvided, additionalNotes, securityOwnerUserId, businessOwnerUserId, contractStartDate, contractRenewalDate, contractTerminationDate, nextSecurityReviewDueDate, lastSecurityReviewCompletionDate, isVisibleToAuditors, isRiskAutoScored, riskAttributeIds, category, authDetails, status, inherentRiskLevel, residualRiskLevel, vendorHeadquarters, contractAmount, and customFields in the response.
delete_a_vanta_vendor_by_id
Delete a vendor in Vanta by id. No content is returned in the response.
list_all_vanta_vendor_documents
List vendor documents in Vanta. Requires vendor_id. Returns id, fileName, title, description, mimeType, uploadedBy, creationDate, updatedDate, deletionDate, type, and url fields for each document.
create_a_vanta_vendor_document
Add document to a vendor in Vanta. Requires vendor_id, file, and type. Returns fields: id (document identifier), fileName (file name), title, description, mimeType, uploadedBy (actor who uploaded), creationDate, updatedDate, deletionDate, type, and url (document link) in the response.
list_all_vanta_vendor_findings
List vendor findings in Vanta for a specific vendor_id. Returns id, vendorId, securityReviewId, documentId, content, riskStatus, and remediation fields for each finding.
create_a_vanta_vendor_finding
Create a vendor finding in Vanta for a given vendor_id. Returns id, vendorId, securityReviewId, documentId, content, riskStatus, and remediation fields describing the finding and its status.
update_a_vanta_vendor_finding_by_id
Update a vendor finding in Vanta. Requires vendor_id and id. Returns id, vendorId, securityReviewId, documentId, content, riskStatus, and remediation fields describing the updated finding.
delete_a_vanta_vendor_finding_by_id
Delete a specific vendor-finding in Vanta. Requires vendor_id and id. No content is returned in the response.
get_single_vanta_security_review_by_id
Get a security review in Vanta. Requires vendor_id and id. Returns fields including id, vendorId, decisionNotes, comments, completedByUserId, startDate, dueDate, overrideDueDate, completionDate, and decision object for review status and timestamps.
list_all_vanta_vendor_security_review
List security reviews for a vendor in Vanta. Requires vendor_id. Returns id, vendorId, decisionNotes, comments, completedByUserId, startDate, dueDate, overrideDueDate, completionDate, and decision fields for each security review.
list_all_vanta_security_review_documents
List security review documents in Vanta for a given vendor_id and security_review_id. Returns id, fileName, title, description, mimeType, uploadedBy, creationDate, updatedDate, deletionDate, type, and url fields for each document.
create_a_vanta_security_review_document
Add a document to a security review in Vanta. Requires vendor_id and security_review_id. Returns id, fileName, title, description, mimeType, uploadedBy, creationDate, updatedDate, deletionDate, type, and url fields for the created document.
delete_a_vanta_security_review_document_by_id
Delete a security review document in Vanta. Requires vendor_id, security_review_id, and id. Returns no content in the response.
create_a_vanta_vendor_status
Set status for a vendor in Vanta. Requires id and status. Returns fields such as id, name, websiteUrl, accountManagerName, accountManagerEmail, servicesProvided, additionalNotes, securityOwnerUserId, businessOwnerUserId, contractStartDate, contractRenewalDate, contractTerminationDate, nextSecurityReviewDueDate, lastSecurityReviewCompletionDate, isVisibleToAuditors, isRiskAutoScored, riskAttributeIds, category, authDetails, status, inherentRiskLevel, residualRiskLevel, vendorHeadquarters, contractAmount, and customFields providing the vendor's profile, risk, contract, and authentication details.
list_all_vanta_trust_center_access_requests
List Trust Center access requests in Vanta for a specified slug_id. Returns id, email, name, companyName, reason, requestedResources, accessLevel, creationDate, and updatedDate fields for each access request in the response.
get_single_vanta_trust_center_access_request_by_id
Get a specific Trust Center access request in Vanta using slug_id and id. Returns id, email, name, companyName, reason, requestedResources, accessLevel, creationDate, and updatedDate in the response.
vanta_trust_center_access_requests_approve
Approve a trust-center-access-requests in Vanta. Requires slug_id and id. Returns no content in the response.
vanta_trust_center_access_requests_deny
Deny an access request for a Trust Center in Vanta. Requires slug_id and id. No content is returned in the response.
list_all_vanta_trust_center_activity_events
List Trust Center viewer activity events in Vanta. Requires slug_id. Returns id, date, eventType, details (varies by event type), viewerId, viewerEmail, city, and countryCode for each event.
list_all_vanta_trust_center_control_categories
List control categories for a Trust Center in Vanta. Requires slug_id. Returns id and name fields for each control category in the response.
get_single_vanta_trust_center_control_category_by_id
Get a specific control category in Vanta Trust Center. Requires slug_id and id. Returns id (unique identifier) and name (category name) in the response.
create_a_vanta_trust_center_control_category
Create a control category in Vanta Trust Center. Requires slug_id and name. Returns id and name of the created control category in the response.
update_a_vanta_trust_center_control_category_by_id
Update a specific Trust Center control category in Vanta. Requires slug_id and id. Returns id and name fields representing the updated control category.
delete_a_vanta_trust_center_control_category_by_id
Delete a control category in Vanta Trust Center, along with all controls in the category. Requires slug_id and id. No content returned in response.
list_all_vanta_trust_center_controls
List controls for a Trust Center in Vanta. Requires slug_id. Returns id, name, description, and categories (id and name) for each control.
get_single_vanta_trust_center_control_by_id
Get a specific Trust Center control in Vanta. Requires slug_id and id. Returns id (unique identifier), name (control summary), description, and categories (array of category ids and names) in the response.
create_a_vanta_trust_center_control
Add a control to a Trust Center in Vanta. Requires slug_id, controlId, and categoryIds. Returns id, name, description, and categories (with id and name) for the created control in the response.
delete_a_vanta_trust_center_control_by_id
Delete a specific trust-center-controls resource in Vanta. Requires slug_id and id. No content returned in the response.
list_all_vanta_trust_center_faqs
List Trust Center FAQs in Vanta. Requires slug_id. Returns id, question, and answer fields for each FAQ in the response.
get_single_vanta_trust_center_faq_by_id
Get a specific Trust Center FAQ in Vanta. Requires slug_id and id. Returns id (FAQ identifier), question (FAQ question), and answer (FAQ answer) in the response.
create_a_vanta_trust_center_faq
Create a Trust Center FAQ in Vanta. Requires slug_id, question, and answer. Returns id (unique identifier), question, and answer in the response.
update_a_vanta_trust_center_faq_by_id
Update a specific trust-center-faqs in Vanta. Requires slug_id and id. Returns id (unique FAQ identifier), question (FAQ question), and answer (FAQ answer) in the response.
delete_a_vanta_trust_center_faq_by_id
Delete a specific FAQ from the Trust Center in Vanta. Requires slug_id and id. No content is returned in the response.
list_all_vanta_trust_center_resources
List Trust Center resources in Vanta. Requires slug_id. Returns id, fileName, title, description, mimeType, creationDate, updatedDate, and isPublic fields for each resource.
get_single_vanta_trust_center_document_by_id
Get a specific Trust Center document in Vanta. Requires slug_id and id. Returns id, fileName, title, description, mimeType, creationDate, updatedDate, and isPublic fields in the response.
create_a_vanta_trust_center_document
Create Trust Center document in Vanta. Requires slug_id. Returns id, fileName, title, description, mimeType, creationDate, updatedDate, and isPublic fields for the new document.
update_a_vanta_trust_center_document_by_id
Update a specific Trust Center document in Vanta. Requires slug_id and id. Returns id, fileName, title, description, mimeType, creationDate, updatedDate, and isPublic fields in the response.
delete_a_vanta_trust_center_document_by_id
Delete a specific Trust Center document in Vanta. Requires slug_id and id. No content is returned in the response.
list_all_vanta_trust_center_subprocessors
List subprocessors for a Trust Center in Vanta. Requires slug_id. Returns id, name, description, location, purpose, and url fields for each subprocessor in the response.
get_single_vanta_trust_center_subprocessor_by_id
Get a specific Trust Center subprocessor in Vanta. Requires slug_id and id. Returns id (unique identifier), name, description, location, purpose, and url of the subprocessor.
create_a_vanta_trust_center_subprocessor
Create a Trust Center subprocessor in Vanta. Requires slug_id and request body with name. Returns id, name, description, location, purpose, and url of the created subprocessor in the response.
update_a_vanta_trust_center_subprocessor_by_id
Update a specific Trust Center subprocessor in Vanta. Requires slug_id and id. Returns id, name, description, location, purpose, and url fields for the updated subprocessor in the response.
delete_a_vanta_trust_center_subprocessor_by_id
Delete a specific subprocessor from a Trust Center in Vanta. Requires slug_id and id. Returns no content (204) in the response upon successful deletion.
list_all_vanta_trust_center_updates
List updates for a Trust Center in Vanta. Requires slug_id. Returns id, title, description, category, creationDate, updatedDate, visibilityType, and notifiedEmails for each update.
get_single_vanta_trust_center_update_by_id
Get a specific Trust Center update in Vanta using slug_id and id. Returns id, title, description, category, creationDate, updatedDate, visibilityType, and notifiedEmails in the response.
create_a_vanta_trust_center_update
Create a Trust Center update in Vanta for a specified slug_id. Returns id, title, description, category, creationDate, updatedDate, visibilityType, and notifiedEmails in the response.
update_a_vanta_trust_center_update_by_id
Update a Trust Center update in Vanta. Requires slug_id and id. Returns id, title, description, category, creationDate, updatedDate, visibilityType, and notifiedEmails fields in the response.
delete_a_vanta_trust_center_update_by_id
Delete a Trust Center update in Vanta. Requires slug_id and id. No content is returned in the response.
vanta_trust_center_updates_notify_all_subscribers
Send notifications for a specific trust-center-updates resource in Vanta. Requires slug_id and id. No content is returned in the response.
list_all_vanta_trust_center_viewers
List Trust Center viewers in Vanta for a given slug_id. Returns id, email, name, companyName, resourceIds, accessLevel, ndaInfo, externalServiceAssociations, creationDate, updatedDate, expirationDate, and addedByUser for each viewer.
get_single_vanta_trust_center_viewer_by_id
Get a Trust Center viewer in Vanta by slug_id and id. Returns id, email, name, companyName, resourceIds, accessLevel, ndaInfo, externalServiceAssociations, creationDate, updatedDate, expirationDate, and addedByUser fields.
create_a_vanta_trust_center_viewer
Add a Trust Center viewer in Vanta. Requires slug_id, email, name, companyName, isNdaRequired, and accessLevel. Returns id, email, name, companyName, resourceIds, accessLevel, ndaInfo, externalServiceAssociations, creationDate, updatedDate, expirationDate, and addedByUser.
delete_a_vanta_trust_center_viewer_by_id
Remove a viewer from a Trust Center in Vanta. Requires slug_id for the Trust Center and id for the viewer. No content is returned in the response.
list_all_vanta_trust_center_subscribers
List Trust Center subscribers in Vanta using slug_id. Returns fields id (subscriber identifier), email, isEmailVerified (verification status), and creationDate (subscriber creation date) for each subscriber.
get_single_vanta_trust_center_subscriber_by_id
Get a specific Trust Center subscriber in Vanta using slug_id and id. Returns id, email, isEmailVerified, and creationDate fields in the response.
create_a_vanta_trust_center_subscriber
Create a Trust Center subscriber in Vanta. Requires slug_id and email. Returns id, email, isEmailVerified (whether the email is verified), and creationDate (subscriber creation timestamp) in the response.
delete_a_vanta_trust_center_subscriber_by_id
Delete a Trust Center subscriber in Vanta. Requires slug_id and id. Returns no content in the response.
list_all_vanta_trust_center_subscriber_groups
List Trust Center subscriber groups in Vanta by slug_id. Returns id, name, subscriberIds, and creationDate for each group in the response.
get_single_vanta_trust_center_subscriber_group_by_id
Get a specific Trust Center subscriber group in Vanta. Requires slug_id and id. Returns id, name, subscriberIds, and creationDate to identify the group, its subscribers, and when it was created.
create_a_vanta_trust_center_subscriber_group
Create a Trust Center subscriber group in Vanta using slug_id. Returns id, name, subscriberIds, and creationDate for the new subscriber group.
delete_a_vanta_trust_center_subscriber_group_by_id
Delete a Trust Center subscriber group in Vanta. Requires slug_id and id. No content is returned in the response.
list_all_vanta_endpoint_vulnerabilities_connectors
List API Endpoint Vulnerabilities in Vanta for the specified resource_id. Returns displayName, uniqueId, externalUrl, occurrences, severity, vulnerableComponentUniqueId, description, remediationInstructions, url, and httpMethod fields in the response.
vanta_endpoint_vulnerabilities_connectors_sync_all
Sync all API Endpoint Vulnerabilities in Vanta. Requires resourceId and resources. Replaces all existing resources for the given app and source_id. Response returns success indicating operation status. Must sync VulnerableComponent resources first.
list_all_vanta_custom_resources
List all custom-resources in Vanta for a given resource_id. Returns displayName, uniqueId, and externalUrl for each resource in the response.
vanta_custom_resources_sync_all
Sync all Custom Resources in Vanta by providing resourceId and resources. This operation replaces ALL existing custom resources for the given resourceId. Returns success indicating if the sync was successful.
list_all_vanta_macos_user_computers
List MacOS User Computers in Vanta for a specified resource_id. Returns displayName, uniqueId, externalUrl, collectedTimestamp, osName, osVersion, hardwareUuid, serialNumber, applications, browserExtensions, drives, users, systemScreenlockPolicies, isManaged, and autoUpdatesEnabled for each computer.
vanta_macos_user_computers_sync_all
Sync all macOS user computers in Vanta. Requires resourceId and resources. This replaces all existing MacosUserComputer resources for the given app and source; missing resources will be deleted. Returns success indicating sync status.
list_all_vanta_package_vulnerabilities
List package vulnerabilities in Vanta. Requires resourceId. Returns displayName, uniqueId, externalUrl, packageName, packageVersion, severity, vulnerableComponentUniqueId, description, isResolvable, and remediationInstructions for each vulnerability.
vanta_package_vulnerabilities_sync
Sync all package-vulnerabilities in Vanta. Requires resourceId and resources. Must first sync VulnerableComponent resources and reference their uniqueId. Response returns success indicating sync status. All previous resources are replaced.
list_all_vanta_secrets
List secrets in Vanta for the given resourceId. Returns displayName, uniqueId, externalUrl, name, description, createdTimestamp, creator, owner, updatedTimestamp, lastAccessedTimestamp, and expiresTimestamp for each secret. Requires resourceId.
vanta_secrets_sync_all
Sync all secrets in Vanta. Requires resourceId and resources array with details such as displayName, uniqueId, externalUrl, name, description, createdTimestamp, creator, and owner. Updates all existing secrets. Returns success indicating sync status.
list_all_vanta_static_code_vulnerability_connectors
List all static-code-vulnerability-connectors in Vanta. Requires resourceId. Returns displayName, uniqueId, externalUrl, occurrences, severity, confidence, isResolvable, vulnerableComponentUniqueId, description, remediationInstructions, cveId, cvss3Vector, and cvss3Score for each vulnerability.
vanta_static_code_vulnerability_connectors_sync_all
Sync all Static Code Analysis Vulnerabilities in Vanta. Requires resourceId and resources. Returns success indicating if the sync operation was successful. Must sync VulnerableComponent resources first; references to vulnerableComponentUniqueId must be valid.
list_all_vanta_user_accounts
List user accounts in Vanta for a specific resource_id. Returns displayName, uniqueId, externalUrl, fullName, accountName, email, permissionLevel, createdTimestamp, status, mfaEnabled, mfaMethods, authMethod, and other fields for each account.
vanta_user_accounts_sync_all
Sync all user-accounts in Vanta. Requires resourceId and resources. The response returns the success status indicating if user-accounts were synced. All existing user-accounts for the app and source will be replaced.
list_all_vanta_user_security_training_statuses
List user security training statuses in Vanta. Requires resource_id. Returns displayName, uniqueId, externalUrl, trainingId, trainingName, frameworksFulfilled, traineeFullName, traineeAccountName, traineeEmail, status, trainingCreatedTimestamp, trainingDueTimestamp, and trainingCompletedTimestamp for each user.
vanta_user_security_training_statuses_sync_all
Sync all user security training statuses in Vanta. Requires resourceId and resources. Replaces all existing user security training statuses for the app and source_id. Returns success indicating sync status.
list_all_vanta_vulnerable_components
List all vulnerable-components in Vanta for a given resource_id. Returns displayName, uniqueId, externalUrl, collectedTimestamp, name, description, and targetType fields in the response.
vanta_vulnerable_components_sync
Sync all vulnerable-components in Vanta. Requires resourceId and resources. The call replaces all existing resources for the given app and source_id. Returns success boolean indicating if the operation was successful.
list_all_vanta_windows_user_computers
List all Windows User Computers in Vanta for a given resource_id. Returns displayName, uniqueId, externalUrl, collectedTimestamp, osName, osVersion, hardwareUuid, serialNumber, and other computer properties for each computer.
vanta_windows_user_computers_sync_all
Sync all Windows User Computers in Vanta. Requires resourceId and resources. Returns success indicating whether Windows User Computers were synced for the integration.
list_all_vanta_audits
List audits in Vanta. Returns a paginated list with fields: id (audit identifier), customerOrganizationName, customerDisplayName, customerOrganizationId, audit window dates, framework, auditor details, creation and completion timestamps, and auditFocus.
list_all_vanta_audit_comments
List audit comments in Vanta. Requires audit_id. Returns id, auditEvidenceId, text, creationDate, modificationDate, deletionDate, and email for each comment.
list_all_vanta_audit_controls
List audit-controls for a specific audit in Vanta. Requires audit_id. Returns id, externalId, name, description, source, domains, owner, role, customFields, framework, and sections for each audit-control.
list_all_vanta_audit_evidence
List audit evidence for a specific audit in Vanta. Requires audit_id. Returns fields such as id, externalId, status, name, creationDate, deletionDate, statusUpdatedDate, testStatus, evidenceType, evidenceId, relatedControls, and description for each evidence.
update_a_vanta_audit_evidence_by_id
Update audit evidence in Vanta. Requires audit_id and id. Returns id (Vanta reference), externalId (UUID mapping), status (current evidence status), name, deletionDate, creationDate, statusUpdatedDate, testStatus, evidenceType, evidenceId, relatedControls, and description fields in the response.
list_all_vanta_audit_evidence_url
List all evidence urls for a specific audit evidence in Vanta. Requires audit_id and audit_evidence_id. Returns id (evidence reference), url (pre-signed S3 URL), filename, and isDownloadable fields in the response.
list_all_vanta_audit_monitored_computers
List monitored computers in Vanta for a specified audit_id. Returns id, integrationId, lastCheckDate, screenlock, diskEncryption, passwordManager, antivirusInstallation, operatingSystem, owner, serialNumber, and udid fields in the response.
list_all_vanta_audit_people
List people in scope for a specific audit in Vanta. Requires audit_id. Returns fields: id, emailAddress, employment details (status, startDate, endDate, jobTitle), leaveInfo, groupIds, name, sources of info, and tasksSummary for each person.
list_all_vanta_audit_vulnerability_remediations
List vulnerability remediations in Vanta for a specific audit. Requires audit_id. Returns id, vulnerabilityId, vulnerableAssetId, severity, detectedDate, slaDeadlineDate, and remediationDate for each remediation.
list_all_vanta_audit_vulnerable_assets
List assets associated with vulnerabilities in Vanta for an audit. Requires audit_id. Returns fields including id, name, assetType, hasBeenScanned, imageScanTag, and scanners array with scanner details for each asset.
list_all_vanta_audit_vulnerabilities
List vulnerabilities within the scope of a given audit in Vanta. Requires audit_id. Returns an array of vulnerabilities with fields including id, name, description, integrationId, packageIdentifier, vulnerabilityType, targetId, detection dates, severity, scores, isFixable, remediateByDate, relatedVulns, relatedUrls, externalURL, scanSource, and deactivateMetadata.
list_all_vanta_audit_vendors
List vendors in scope for a specific audit in Vanta. Requires audit_id. Returns id, name, websiteUrl, accountManagerName, accountManagerEmail, servicesProvided, additionalNotes, key contract and security fields for each vendor.
create_a_vanta_auditor
Create an auditor in Vanta by providing email, givenName, and familyName. Returns id, organizationId, email, givenName, and familyName fields in the response.
create_a_vanta_group_person
Add a person to a group in Vanta. Requires group_id and id. Returns fields such as id, emailAddress, employment (status, startDate, jobTitle, endDate), leaveInfo, groupIds, name (first, last, display), sources, and tasksSummary with task details in the response.
delete_a_vanta_group_person_by_id
Remove a person from a group in Vanta. Requires group_id and id. Returns id, emailAddress, employment, leaveInfo, groupIds, name, sources, and tasksSummary fields for the person in the response.
list_all_vanta_historical_access_requests
List historical access requests for a Trust Center in Vanta. Requires slug_id. Returns id, email, name, companyName, reason, requestedResources, accessLevel, creationDate, updatedDate, and outcome for each request.
list_all_vanta_background_checks
List all background checks in Vanta for the specified resource_id. Returns resources with displayName, uniqueId, externalUrl, fullName, email, status, and optional completionDate fields in the response.
vanta_background_checks_sync_all
Sync all background-checks resources in Vanta. Requires resourceId and resources with displayName, uniqueId, externalUrl, fullName, email, and status. Returns success indicating if the background checks were synced.
Why Truto
Why use Truto’s MCP server for Vanta
Other MCP servers give you a static tool list for one app. Truto gives you a managed, multi-tenant MCP infrastructure across 650+ integrations.
Auto-generated, always up to date
Tools are dynamically generated from curated documentation — not hand-coded. As integrations evolve, tools stay current without manual maintenance.
Fine-grained access control
Scope each MCP server to read-only, write-only, specific methods, or tagged tool groups. Expose only what your AI agent needs — nothing more.
Multi-tenant by design
Each MCP server is scoped to a single connected account with its own credentials. The URL itself is the auth token — no shared secrets, no credential leaking across tenants.
Works with every MCP client
Standard JSON-RPC 2.0 protocol. Paste the URL into Claude, ChatGPT, Cursor, or any MCP-compatible agent framework — tools are discovered automatically.
Built-in auth, rate limits, and error handling
Tool calls execute through Truto’s proxy layer with automatic OAuth refresh, rate-limit handling, and normalized error responses. No raw API plumbing in your agent.
Expiring and auditable servers
Create time-limited MCP servers for contractors or automated workflows. Optional dual-auth requires both the URL and a Truto API token for high-security environments.
Unified APIs
Unified APIs for Vanta
Skip writing code for every integration. Use Truto’s category-specific Unified APIs out of the box or customize the mappings with AI.
How It Works
From zero to integrated
Go live with Vanta in under an hour. No boilerplate, no maintenance burden.
Link your customer’s Vanta account
Use Truto’s frontend SDK to connect your customer’s Vanta account. We handle all OAuth and API key flows — you don’t need to create the OAuth app.
We handle authentication
Don’t spend time refreshing access tokens or figuring out secure storage. We handle it and inject credentials into every API request.
Call our API, we call Vanta
Truto’s Proxy API is a 1-to-1 mapping of the Vanta API. You call us, we call Vanta, and pass the response back in the same cycle.
Unified response format
Every response follows a single format across all integrations. We translate Vanta’s pagination into unified cursor-based pagination. Data is always in the result attribute.
FAQs
Common questions about Vanta on Truto
Authentication, rate limits, data freshness, and everything else you need to know before you integrate.
What authentication method does the Vanta integration use through Truto?
Truto handles OAuth-based authentication for Vanta. Your end users connect their Vanta accounts through Truto's embedded auth flow, and Truto manages token refresh and credential storage so you never handle secrets directly.
How does the 'sync_all' pattern work for pushing data into Vanta?
Vanta uses a declarative sync model. Endpoints like vanta_user_accounts_sync_all or vanta_package_vulnerabilities_sync accept the full current state of your data. Vanta diffs it against the previous sync to determine additions, updates, and removals — no need to track individual change events.
Can I read and write controls, documents, and evidence for audit preparation?
Yes. The integration supports full CRUD on controls, control documents, control tests, and documents. You can also upload document files, submit documents for review, create audit evidence, and manage document links and owners programmatically.
Which compliance frameworks can I query through the API?
You can list all frameworks a Vanta account has enabled, retrieve individual frameworks by ID, and list the controls mapped to each framework using the list_all_vanta_framework_controls endpoint.
Does Truto handle pagination and rate limiting for the Vanta API?
Yes. Truto abstracts away Vanta's pagination mechanics and manages rate limit backoff automatically, so your code receives complete result sets without implementing retry logic or cursor management.
Can I manage people, groups, and access through the Unified User Directory API?
Truto maps Vanta's people and groups endpoints to the Unified User Directory API. You can list, retrieve, update, and delete people, manage group memberships, set employee leave status, and mark employees as specific roles — all through a standardized schema.
Vanta
Get Vanta integrated into your app
Our team understands what it takes to make a Vanta integration successful. A short, crisp 30 minute call with folks who understand the problem.
Talk to us