Secureframe MCP Server

Official
by secureframe

This Model Context Protocol server provides read-only access to Secureframe's compliance automation platform for AI assistants like Claude and Cursor. Query security controls, monitor compliance tests, and access audit data across SOC 2, ISO 27001, CMMC, FedRAMP, and other frameworks.

⚠️ Disclaimer: This MCP server is currently in public beta and grants AI assistants read-only access to your Secureframe compliance data. While the server only performs read operations, always review and validate AI-generated insights before making any compliance or security decisions. You are responsible for ensuring all AI outputs align with your organization's compliance policies and security standards.


🚀 Quick Start

Prerequisites

  • Python 3.7 or higher

  • Secureframe API credentials (Get them here)

  • Claude Desktop, Cursor IDE, or any MCP-compatible tool

Installation

# Clone and setup
git clone https://github.com/secureframe/secureframe-mcp-server.git
cd secureframe-mcp-server

# Create virtual environment (recommended)
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Configure credentials
cp env.example .env
# Edit .env with your API credentials

🔧 Configuration

Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "secureframe": {
      "command": "python",
      "args": ["/absolute/path/to/secureframe-mcp-server/main.py"],
      "env": {
        "SECUREFRAME_API_KEY": "your_api_key",
        "SECUREFRAME_API_SECRET": "your_api_secret",
        "SECUREFRAME_API_URL": "https://api.secureframe.com"
      }
    }
  }
}

Cursor IDE

Configure in Cursor's MCP settings:

{
  "mcpServers": {
    "Secureframe": {
      "command": "python",
      "args": ["/absolute/path/to/secureframe-mcp-server/main.py"],
      "env": {
        "SECUREFRAME_API_KEY": "your_api_key",
        "SECUREFRAME_API_SECRET": "your_api_secret",
        "SECUREFRAME_API_URL": "https://api.secureframe.com"
      }
    }
  }
}

Environment Variables

| Variable | Description | Required |
|---|---|---|
| SECUREFRAME_API_KEY | Your Secureframe API key | ✅ |
| SECUREFRAME_API_SECRET | Your Secureframe API secret | ✅ |
| SECUREFRAME_API_URL | API endpoint (defaults to US region) | ❌ |

Regional Endpoints:

  • 🇺🇸 US: https://api.secureframe.com (default)

  • 🇬🇧 UK: https://api-uk.secureframe.com
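
Both client configurations above keep the API key and secret in a plaintext JSON file and send them to whatever `SECUREFRAME_API_URL` names. The following check is an added example, not part of the Secureframe project: it audits such a file for leftover placeholders, an endpoint outside the two listed regions, a relative `main.py` path, and group/other file access. The names `audit_mcp_config`, `audit_sample` and `SAMPLE` are hypothetical, and the owner-only permission policy is an assumption.

```python
import json
import os
import tempfile

# Regional endpoints listed on this page; any other value is flagged.
ALLOWED_API_URLS = {"https://api.secureframe.com", "https://api-uk.secureframe.com"}
PLACEHOLDERS = {"", "your_api_key", "your_api_secret"}
# Constructed sample (not real credentials) containing four deliberate problems.
SAMPLE = {"mcpServers": {"secureframe": {
    "command": "python", "args": ["main.py"],
    "env": {"SECUREFRAME_API_KEY": "your_api_key",
            "SECUREFRAME_API_SECRET": "constructed-secret-value",
            "SECUREFRAME_API_URL": "http://api.secureframe.com"}}}}


def audit_mcp_config(path):
    """Return findings for the Secureframe entries of an MCP client config file."""
    findings = []
    # The API secret is stored in plaintext: owner-only access (POSIX mode bits).
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        findings.append(f"file mode {mode:o} grants group/other access; use 600")
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    for name, entry in servers.items():
        if name.lower() != "secureframe":  # "secureframe" or "Secureframe" on this page
            continue
        env = entry.get("env", {})
        for var in ("SECUREFRAME_API_KEY", "SECUREFRAME_API_SECRET"):
            if env.get(var, "") in PLACEHOLDERS:
                findings.append(f"{name}: {var} is missing or still a placeholder")
        # Unset means the US default; the credentials go to whatever host is set here.
        url = env.get("SECUREFRAME_API_URL", "https://api.secureframe.com").rstrip("/")
        if url not in ALLOWED_API_URLS:
            findings.append(f"{name}: SECUREFRAME_API_URL {url!r} is not a listed endpoint")
        if not any(os.path.isabs(arg) for arg in entry.get("args", [])):
            findings.append(f"{name}: args should give main.py as an absolute path")
    return findings


def audit_sample(config, mode=0o600):
    """Write a config dict to a temporary file with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "claude_desktop_config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(config, fh)
        os.chmod(path, mode)
        return audit_mcp_config(path)
```

Point `audit_mcp_config` at the real client config path to audit an existing installation; `audit_sample(SAMPLE, mode=0o644)` returns the four findings for the constructed sample.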


📋 Available Tools (11 Read-Only Operations)

| Tool | Purpose |
|---|---|
| list_controls | List security controls across frameworks with filtering |
| list_tests | List compliance tests with pass/fail status |
| list_users | List personnel and their compliance status |
| list_devices | List managed devices and security compliance |
| list_user_accounts | List user accounts from integrations |
| list_tprm_vendors | List third-party risk management vendors |
| list_vendors | List vendors (legacy API) |
| list_frameworks | List available compliance frameworks |
| list_repositories | List code repositories and audit scope |
| list_integration_connections | List integration status and connections |
| list_repository_framework_scopes | List framework scopes for specific repositories |


💡 Usage Examples

Monitor Failing Controls

# Find controls that need attention for SOC 2
list_controls(
    search_query="health_status:unhealthy AND frameworks:soc2_alpha",
    per_page=50
)

Find Failing Tests

# Get top 5 failing tests
list_tests(
    search_query="health_status:fail",
    per_page=5
)

Review High-Risk Vendors

# Find high-risk vendors
list_tprm_vendors(
    search_query="risk_level:High",
    per_page=20
)

Check User Compliance

# Find inactive contractors
list_users(
    search_query="employee_type:contractor AND active:false",
    per_page=100
)

🔍 Search Capabilities

The server supports powerful Lucene query syntax for filtering:

Example Queries

Find critical failing tests:

health_status:fail AND frameworks:soc2_alpha

Locate inactive users:

active:false AND employee_type:contractor

Search high-risk vendors:

risk_level:High AND archived:false

Common Search Fields

  • health_status - For controls: healthy, unhealthy, draft. For tests: pass, fail, disabled

  • enabled - true/false

  • test_type - integration, upload

  • active - true/false

  • email - User email address

  • employee_type - employee, contractor, non_employee, auditor, external

  • in_audit_scope - true/false

  • risk_level - Low, Medium, High

  • status - draft, completed

  • archived - true/false

  • private - true/false

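
When a `search_query` is assembled from user or model-supplied values, checking each field and value against the lists above keeps stray Lucene operators out of the query. The builder below is an added example, not code from the Secureframe project; `build_search_query` is a hypothetical helper, the `frameworks` pattern is inferred from the page's `soc2_alpha` example, and the quoting of `email` assumes the backend honours standard Lucene escaping.

```python
import re

# Fields and values as listed under "Common Search Fields" on this page.
BOOL = {"true", "false"}
ENUM_FIELDS = {
    "enabled": BOOL, "active": BOOL, "in_audit_scope": BOOL,
    "archived": BOOL, "private": BOOL,
    "test_type": {"integration", "upload"},
    "employee_type": {"employee", "contractor", "non_employee", "auditor", "external"},
    "risk_level": {"Low", "Medium", "High"},
    "status": {"draft", "completed"},
}
# health_status takes different values for controls and for tests.
HEALTH_STATUS = {
    "list_controls": {"healthy", "unhealthy", "draft"},
    "list_tests": {"pass", "fail", "disabled"},
}


def build_search_query(tool, **filters):
    """Return an AND-joined search_query; raise ValueError on unlisted fields or values."""
    terms = []
    for field, value in filters.items():
        # Python booleans become the lowercase literals the page uses.
        value = str(value).lower() if isinstance(value, bool) else str(value)
        if field == "email":
            # Free text: emit a quoted phrase so operators inside it stay literal.
            # Assumption: the backend honours standard Lucene escaping of \ and ".
            escaped = value.replace("\\", "\\\\").replace('"', '\\"')
            terms.append(f'email:"{escaped}"')
            continue
        if field == "frameworks":
            # Appears in the page's examples (soc2_alpha); accept only plain identifiers.
            if not re.fullmatch(r"[a-z0-9_]+", value):
                raise ValueError(f"invalid framework key: {value!r}")
        else:
            allowed = HEALTH_STATUS.get(tool) if field == "health_status" else ENUM_FIELDS.get(field)
            if allowed is None:
                raise ValueError(f"field {field!r} is not listed for {tool}")
            if value not in allowed:
                raise ValueError(f"{field}={value!r} is not one of {sorted(allowed)}")
        terms.append(f"{field}:{value}")
    return " AND ".join(terms)


print(build_search_query("list_tests", health_status="fail", frameworks="soc2_alpha"))
```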


🛠️ Development

Debug with MCP Inspector

npx @modelcontextprotocol/inspector python main.py

📚 Resources


🎯 Obtaining API Credentials

  1. Log into Secureframe

  2. Navigate to Profile Picture → Company Settings → API Keys

  3. Click Create API Key

  4. Save your credentials securely (secret shown only once)


⚖️ License

This project is licensed under the MIT License. See LICENSE for details.
