Secureframe Server
БесплатноНе проверенProvides AI assistants with read-only access to Secureframe's compliance data, enabling querying of security controls, tests, users, vendors, and more across fr
Описание
Provides AI assistants with read-only access to Secureframe's compliance data, enabling querying of security controls, tests, users, vendors, and more across frameworks like SOC 2 and ISO 27001.
README
This Model Context Protocol server provides read-only access to Secureframe's compliance automation platform for AI assistants like Claude and Cursor. Query security controls, monitor compliance tests, and access audit data across SOC 2, ISO 27001, CMMC, FedRAMP, and other frameworks.
⚠️ Disclaimer: This MCP server is currently in public beta and grants AI assistants read-only access to your Secureframe compliance data. While the server only performs read operations, always review and validate AI-generated insights before making any compliance or security decisions. You are responsible for ensuring all AI outputs align with your organization's compliance policies and security standards.
🚀 Quick Start
Prerequisites
- Python 3.7 or higher
- Secureframe API credentials (Get them here)
- Claude Desktop, Cursor IDE, or any MCP-compatible tool
Installation
# Clone and setup
git clone https://github.com/secureframe/secureframe-mcp-server.git
cd secureframe-mcp-server
# Create virtual environment (recommended)
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
# Configure credentials
cp env.example .env
# Edit .env with your API credentials
🔧 Configuration
Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"secureframe": {
"command": "python",
"args": ["/absolute/path/to/secureframe-mcp-server/main.py"],
"env": {
"SECUREFRAME_API_KEY": "your_api_key",
"SECUREFRAME_API_SECRET": "your_api_secret",
"SECUREFRAME_API_URL": "https://api.secureframe.com"
}
}
}
}
Cursor IDE
Configure in Cursor's MCP settings:
{
"mcpServers": {
"Secureframe": {
"command": "python",
"args": ["/absolute/path/to/secureframe-mcp-server/main.py"],
"env": {
"SECUREFRAME_API_KEY": "your_api_key",
"SECUREFRAME_API_SECRET": "your_api_secret",
"SECUREFRAME_API_URL": "https://api.secureframe.com"
}
}
}
}
Environment Variables
| Variable | Description | Required |
|---|---|---|
SECUREFRAME_API_KEY |
Your Secureframe API key | ✅ |
SECUREFRAME_API_SECRET |
Your Secureframe API secret | ✅ |
SECUREFRAME_API_URL |
API endpoint (defaults to US region) | ❌ |
Regional Endpoints:
- 🇺🇸 US:
https://api.secureframe.com(default) - 🇬🇧 UK:
https://api-uk.secureframe.com
📋 Available Tools (11 Read-Only Operations)
| Tool | Purpose |
|---|---|
| list_controls | List security controls across frameworks with filtering |
| list_tests | List compliance tests with pass/fail status |
| list_users | List personnel and their compliance status |
| list_devices | List managed devices and security compliance |
| list_user_accounts | List user accounts from integrations |
| list_tprm_vendors | List third-party risk management vendors |
| list_vendors | List vendors (legacy API) |
| list_frameworks | List available compliance frameworks |
| list_repositories | List code repositories and audit scope |
| list_integration_connections | List integration status and connections |
| list_repository_framework_scopes | List framework scopes for specific repositories |
💡 Usage Examples
Monitor Failing Controls
# Find controls that need attention for SOC 2
list_controls(
search_query="health_status:unhealthy AND frameworks:soc2_alpha",
per_page=50
)
Find Failing Tests
# Get top 5 failing tests
list_tests(
search_query="health_status:fail",
per_page=5
)
Review High-Risk Vendors
# Find high-risk vendors
list_tprm_vendors(
search_query="risk_level:High",
per_page=20
)
Check User Compliance
# Find inactive contractors
list_users(
search_query="employee_type:contractor AND active:false",
per_page=100
)
🔍 Search Capabilities
The server supports powerful Lucene query syntax for filtering:
Example Queries
Find critical failing tests:
health_status:fail AND frameworks:soc2_alpha
Locate inactive users:
active:false AND employee_type:contractor
Search high-risk vendors:
risk_level:High AND archived:false
Common Search Fields
Controls & Tests
health_status- For controls: healthy, unhealthy, draft. For tests: pass, fail, disabledenabled- true/falsetest_type- integration, upload
Personnel
active- true/falseemail- User email addressemployee_type- employee, contractor, non_employee, auditor, externalin_audit_scope- true/false
Vendors (TPRM)
risk_level- Low, Medium, Highstatus- draft, completedarchived- true/false
Repositories
private- true/falsein_audit_scope- true/false
🛠️ Development
Debug with MCP Inspector
npx @modelcontextprotocol/inspector python main.py
📚 Resources
🎯 Obtaining API Credentials
- Log into Secureframe
- Navigate to Profile Picture → Company Settings → API Keys
- Click Create API Key
- Save your credentials securely (secret shown only once)
⚖️ License
This project is licensed under the MIT License. See LICENSE for details.
Установка Secureframe Server
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/secureframe/secureframe-mcp-serverFAQ
Secureframe Server MCP бесплатный?
Да, Secureframe Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Secureframe Server?
Нет, Secureframe Server работает без API-ключей и переменных окружения.
Secureframe Server — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить Secureframe Server в Claude Desktop, Claude Code или Cursor?
Открой Secureframe Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
автор: modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
автор: xuzexin-hzCompare Secureframe Server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории ai
