Command Palette

Search for a command to run...

UnylyUnyly
Browse all

Secureframe Server

FreeNot checked

Provides AI assistants with read-only access to Secureframe's compliance data, enabling querying of security controls, tests, users, vendors, and more across fr

GitHubEmbed

About

Provides AI assistants with read-only access to Secureframe's compliance data, enabling querying of security controls, tests, users, vendors, and more across frameworks like SOC 2 and ISO 27001.

README

This Model Context Protocol server provides read-only access to Secureframe's compliance automation platform for AI assistants like Claude and Cursor. Query security controls, monitor compliance tests, and access audit data across SOC 2, ISO 27001, CMMC, FedRAMP, and other frameworks.

⚠️ Disclaimer: This MCP server is currently in public beta and grants AI assistants read-only access to your Secureframe compliance data. While the server only performs read operations, always review and validate AI-generated insights before making any compliance or security decisions. You are responsible for ensuring all AI outputs align with your organization's compliance policies and security standards.


🚀 Quick Start

Prerequisites

  • Python 3.7 or higher
  • Secureframe API credentials (Get them here)
  • Claude Desktop, Cursor IDE, or any MCP-compatible tool

Installation

# Clone and setup
git clone https://github.com/secureframe/secureframe-mcp-server.git
cd secureframe-mcp-server

# Create virtual environment (recommended)
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Configure credentials
cp env.example .env
# Edit .env with your API credentials

🔧 Configuration

Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "secureframe": {
      "command": "python",
      "args": ["/absolute/path/to/secureframe-mcp-server/main.py"],
      "env": {
        "SECUREFRAME_API_KEY": "your_api_key",
        "SECUREFRAME_API_SECRET": "your_api_secret",
        "SECUREFRAME_API_URL": "https://api.secureframe.com"
      }
    }
  }
}

Cursor IDE

Configure in Cursor's MCP settings:

{
  "mcpServers": {
    "Secureframe": {
      "command": "python",
      "args": ["/absolute/path/to/secureframe-mcp-server/main.py"],
      "env": {
        "SECUREFRAME_API_KEY": "your_api_key",
        "SECUREFRAME_API_SECRET": "your_api_secret",
        "SECUREFRAME_API_URL": "https://api.secureframe.com"
      }
    }
  }
}

Environment Variables

Variable Description Required
SECUREFRAME_API_KEY Your Secureframe API key
SECUREFRAME_API_SECRET Your Secureframe API secret
SECUREFRAME_API_URL API endpoint (defaults to US region)

Regional Endpoints:

  • 🇺🇸 US: https://api.secureframe.com (default)
  • 🇬🇧 UK: https://api-uk.secureframe.com

📋 Available Tools (11 Read-Only Operations)

Tool Purpose
list_controls List security controls across frameworks with filtering
list_tests List compliance tests with pass/fail status
list_users List personnel and their compliance status
list_devices List managed devices and security compliance
list_user_accounts List user accounts from integrations
list_tprm_vendors List third-party risk management vendors
list_vendors List vendors (legacy API)
list_frameworks List available compliance frameworks
list_repositories List code repositories and audit scope
list_integration_connections List integration status and connections
list_repository_framework_scopes List framework scopes for specific repositories

💡 Usage Examples

Monitor Failing Controls

# Find controls that need attention for SOC 2
list_controls(
    search_query="health_status:unhealthy AND frameworks:soc2_alpha",
    per_page=50
)

Find Failing Tests

# Get top 5 failing tests
list_tests(
    search_query="health_status:fail",
    per_page=5
)

Review High-Risk Vendors

# Find high-risk vendors
list_tprm_vendors(
    search_query="risk_level:High",
    per_page=20
)

Check User Compliance

# Find inactive contractors
list_users(
    search_query="employee_type:contractor AND active:false",
    per_page=100
)

🔍 Search Capabilities

The server supports powerful Lucene query syntax for filtering:

Example Queries

Find critical failing tests:

health_status:fail AND frameworks:soc2_alpha

Locate inactive users:

active:false AND employee_type:contractor

Search high-risk vendors:

risk_level:High AND archived:false

Common Search Fields

Controls & Tests
  • health_status - For controls: healthy, unhealthy, draft. For tests: pass, fail, disabled
  • enabled - true/false
  • test_type - integration, upload
Personnel
  • active - true/false
  • email - User email address
  • employee_type - employee, contractor, non_employee, auditor, external
  • in_audit_scope - true/false
Vendors (TPRM)
  • risk_level - Low, Medium, High
  • status - draft, completed
  • archived - true/false
Repositories
  • private - true/false
  • in_audit_scope - true/false

🛠️ Development

Debug with MCP Inspector

npx @modelcontextprotocol/inspector python main.py

📚 Resources


🎯 Obtaining API Credentials

  1. Log into Secureframe
  2. Navigate to Profile Picture → Company Settings → API Keys
  3. Click Create API Key
  4. Save your credentials securely (secret shown only once)

⚖️ License

This project is licensed under the MIT License. See LICENSE for details.

from github.com/secureframe/secureframe-mcp-server

Installing Secureframe Server

This server has no published package — it is built from source. Open the repository and follow its README.

▸ github.com/secureframe/secureframe-mcp-server

FAQ

Is Secureframe Server MCP free?

Yes, Secureframe Server MCP is free — one-click install via Unyly at no cost.

Does Secureframe Server need an API key?

No, Secureframe Server runs without API keys or environment variables.

Is Secureframe Server hosted or self-hosted?

A hosted option is available: Unyly runs the server in the cloud, no local setup required.

How do I install Secureframe Server in Claude Desktop, Claude Code or Cursor?

Open Secureframe Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare Secureframe Server with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All ai MCPs