DevSecOps Mcp

Created By

jmstar857 months ago

A comprehensive Model Context Protocol (MCP) server that integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Software Composition Analysis (SCA) tools for AI-powered DevSecOps automation.

# #DevSecOps #SAST #DAST #IAST #SCA

Overview Content Tools Comments

Overview

DevSecOps MCP Server A comprehensive Model Context Protocol (MCP) server that integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Software Composition Analysis (SCA) tools for AI-powered DevSecOps automation.

🚀 Features SAST Integration: ✅ Semgrep, Bandit (verified) DAST Integration: ✅ OWASP ZAP (verified) IAST Integration: ✅ Trivy + OWASP ZAP hybrid (verified) SCA Integration: ✅ npm audit, OSV Scanner, Trivy (verified) Comprehensive Security Reports: JSON, HTML, PDF, SARIF formats Policy Enforcement: Configurable security thresholds and gates Docker Support: Full containerization with security tools Real-time Monitoring: Performance metrics and logging 100% Open Source: No commercial tool dependencies AI-Powered Analysis: Claude integration for intelligent security insights 🛠️ Architecture src/ ├── mcp/ │ ├── server.ts # Main MCP server │ ├── tools/ │ │ ├── sast-tool.ts # SAST integration │ │ ├── dast-tool.ts # DAST integration
│ │ ├── iast-tool.ts # IAST integration │ │ └── sca-tool.ts # SCA integration │ └── connectors/ │ ├── sonarqube.ts │ ├── zap.ts │ ├── trivy.ts │ └── osv-scanner.ts ├── config/ │ ├── security-rules.yml │ └── tool-configs.json └── tests/security/

🎯 Summary DevSecOps MCP Server is an AI-powered security automation platform verified through real-world testing:

Key Achievements ✅ 80+ real vulnerabilities detected (SAST: 60+, DAST: 5+, SCA: 20+) OWASP Top 10 100% coverage verification completed All 4 security test types integrated (SAST, DAST, IAST, SCA) Fully open source based (commercial tool dependencies removed) Claude AI integration ready Ready to Use 🚀

Setup and test in under 5 minutes

pip3 install semgrep bandit git clone && cd DevSecOps-MCP node test-all-security.js Differentiators 💡 AI Native: Natural language security analysis with Claude Proven Performance: Tested with real vulnerabilities Zero Cost: Completely free and open source Plug & Play: Ready-to-use configuration Built with security in mind for modern DevSecOps workflows 🛡️

"The future of security is AI-powered, open, and automated."

Server Config

{
  "mcpServers": {
    "devsecops": {
      "command": "node",
      "args": [
        "dist/src/mcp/server.js"
      ],
      "cwd": "/path/to/DevSecOps-MCP",
      "env": {
        "NODE_ENV": "production",
        "MCP_PORT": "3000",
        "LOG_LEVEL": "info",
        "SECURITY_STRICT_MODE": "true"
      }
    }
  }
}

Recommend Servers

TraeBuild with Free GPT-4.1 & Claude 3.7. Fully MCP-Ready.

Serper MCP ServerA Serper MCP Server

Visual Studio Code - Open Source ("Code - OSS")Visual Studio Code

MiniMax MCPOfficial MiniMax Model Context Protocol (MCP) server that enables interaction with powerful Text to Speech, image generation and video generation APIs.

BlenderBlenderMCP connects Blender to Claude AI through the Model Context Protocol (MCP), allowing Claude to directly interact with and control Blender. This integration enables prompt assisted 3D modeling, scene creation, and manipulation.

Y GuiA web-based graphical interface for AI chat interactions with support for multiple AI models and MCP (Model Context Protocol) servers.

DeepChatYour AI Partner on Desktop

CursorThe AI Code Editor

ChatWiseThe second fastest AI chatbot™

WindsurfThe new purpose-built IDE to harness magic

Howtocook Mcp基于Anduin2017 / HowToCook （程序员在家做饭指南）的mcp server，帮你推荐菜谱、规划膳食，解决“今天吃什么“的世纪难题； Based on Anduin2017/HowToCook (Programmer's Guide to Cooking at Home), MCP Server helps you recommend recipes, plan meals, and solve the century old problem of "what to eat today"