vantactl - Vanta CLI
A Go CLI for interacting with the Vanta REST API. Designed to work well for both humans and AI agents, with JSON-first output, schema introspection, field masks, streaming pagination, and dry-run support.
Why vantactl?
Vanta offers an official MCP server (public preview) that gives AI assistants access to Vanta data via the Model Context Protocol. It works well inside tools like Claude Desktop and Cursor that speak MCP natively.
vantactl takes a different approach. It's a standalone CLI binary, not an MCP server. This matters for a few reasons:
| vantactl | Vanta MCP Server |
|---|
| Runtime | Single Go binary, no dependencies | Node.js, requires npm/npx |
| Auth | API token (env var or config file) | OAuth client credentials (JSON file) |
| Usable by | Any shell, script, CI pipeline, or AI agent | MCP-compatible AI hosts only |
| Write operations | Full CRUD (create, update, delete) | Read-only |
| Output control | --fields, --output json/table/ndjson, streaming pagination | Structured tool responses (MCP format) |
| Safety | --dry-run, input validation, rate limiting | Relies on AI host behavior |
| Schema discovery | vantactl schema (machine-readable JSON) | Tool descriptions in MCP manifest |
| Status | In development | Public preview |
In short: if you need a general-purpose tool for scripting, CI, or agent use across any context, use vantactl. If you're working exclusively within an MCP-compatible AI host and only need read access, the official MCP server is a fine choice.
They're also complementary - you can use both.
Install
Pre-built binaries
Download the latest release for your platform from the
Releases page.
Archives are published with a checksums.sha256 file; verify before installing.
Supported platforms: darwin-arm64, darwin-amd64, linux-amd64,
linux-arm64, windows-amd64.
# Example: macOS arm64 (substitute the latest tag and your platform)
VERSION=v0.1.2
PLATFORM=darwin-arm64 # or darwin-amd64, linux-amd64, linux-arm64
curl -fsSL -O "https://github.com/homebot-labs/vantactl/releases/download/${VERSION}/vantactl-${VERSION}-${PLATFORM}.tar.gz"
tar -xzf "vantactl-${VERSION}-${PLATFORM}.tar.gz"
chmod +x vantactl
sudo mv vantactl /usr/local/bin/
Windows builds ship as .zip with vantactl.exe inside.
From source
go install github.com/homebot-labs/vantactl@latest
# Or clone and build
git clone https://github.com/homebot-labs/vantactl.git
cd vantactl
make build
As a Claude Code plugin
If you use Claude Code, vantactl ships as a plugin that auto-installs the
binary on first use and checks for updates daily (macOS and Linux only):
claude plugins install github:homebot-labs/vantactl
Authentication
# Option 1: Environment variable (recommended for CI and agents)
export VANTA_API_TOKEN=vat_xxxxx
# Option 2: Store in config file
vantactl auth login --token vat_xxxxx
# Option 3: Interactive prompt
vantactl auth login
# Check status
vantactl auth status
Get an API token from the Vanta developer dashboard.
Usage
vantactl <resource> <action> [args] [flags]
List resources
vantactl controls list
vantactl tests list --status NEEDS_ATTENTION
vantactl vulnerabilities list --severity CRITICAL
vantactl people list --employmentStatus ACTIVE
Get by ID
vantactl controls get ctl_abc123
vantactl people get per_xyz --fields name,email,employment
Create and update (with raw JSON)
vantactl vendors create --json '{"name":"Acme Corp","url":"https://acme.com"}'
vantactl controls update ctl_abc --json '{"description":"Updated"}'
vantactl vendors delete vnd_xyz
Output formats
# Pretty JSON (default)
vantactl controls list
# Table (for humans)
vantactl people list -o table --fields name,email,status
# NDJSON (one JSON object per line, for piping)
vantactl vulnerabilities list -o ndjson --fields id,name,severity
Field masks
# Only include specific fields in output
vantactl controls list --fields id,name,status
Pagination
# Control page size
vantactl controls list --page-size 50
# Fetch ALL pages (streams as NDJSON)
vantactl vulnerabilities list --page-all --fields id,name,severity
Dry run
Preview the HTTP request without executing it:
vantactl vendors create --json '{"name":"Acme"}' --dry-run
{
"method": "POST",
"url": "https://api.vanta.com/v1/vendors",
"body": {
"name": "Acme"
}
}
Schema introspection
Agents (and humans) can discover the full API surface:
# List all resources and their actions
vantactl schema
# Show actions for a specific resource
vantactl schema controls
JuliusBrussee
thedotmack
xrf9268-hue
alirezarezvani