Provides structured access to the OWASP Bug Logging Tool (BLT) ecosystem, allowing AI agents to submit issues, triage vulnerabilities, manage security workflows, and track contributor rankings and rewards.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@BLT-MCPSubmit a high-priority bug for the auth system in repo 123"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
BLT-MCP
An MCP (Model Context Protocol) server that provides AI agents and developers with structured access to the BLT (Bug Logging Tool) ecosystem. This server enables seamless integration with IDEs and chat interfaces to log bugs, triage issues, query data, and manage security workflows.
Overview
BLT-MCP implements the MCP standard, giving AI agents structured access to BLT through three powerful layers:
π Resources (blt:// URIs)
Access BLT data through standardized URIs:
blt://issues- All issues in the systemblt://issues/{id}- Specific issue detailsblt://repos- Tracked repositoriesblt://repos/{id}- Specific repository detailsblt://contributors- All contributorsblt://contributors/{id}- Specific contributor detailsblt://workflows- All workflowsblt://workflows/{id}- Specific workflow detailsblt://leaderboards- Leaderboard rankings and statisticsblt://rewards- Rewards and bacon points
π οΈ Tools
Perform actions on BLT:
submit_issue - Report new bugs and vulnerabilities
award_bacon - Award bacon points to contributors (gamification)
update_issue_status - Change issue status (open, in_progress, resolved, closed, wont_fix)
add_comment - Add comments to issues
π‘ Prompts
AI-guided workflows for common security tasks:
triage_vulnerability - Guide AI through vulnerability triage and severity assessment
plan_remediation - Create comprehensive remediation plans for security issues
review_contribution - Evaluate contributions with quality assessment and bacon point recommendations
Features
β JSON-RPC 2.0 - Standard protocol for reliable communication
β OAuth/API Key Authentication - Secure access to BLT endpoints
β Unified Interface - Single agent-friendly interface to all BLT functionality
β Autonomous Workflows - Enable AI agents to work independently
β Gamification Support - Built-in support for BLT's bacon point system
β Security-First - Designed for vulnerability management and security workflows
Installation
Prerequisites
Node.js 18 or higher
npm or yarn
Install Dependencies
Build
Configuration
Environment Variables
Create a .env file based on .env.example:
Configure the following variables:
MCP Client Configuration
To use this server with an MCP client (like Claude Desktop or Cline), add it to your MCP settings:
Usage
Running the Server
The server runs using stdio transport for MCP communication:
Using with AI Agents
Once configured in your MCP client, you can interact with BLT through natural language:
Example: Submitting an Issue
The AI agent will use the submit_issue tool to create the issue.
Example: Accessing Resources
The AI agent will read from blt://leaderboards to display the rankings.
Example: Using Prompts
The AI agent will use the triage_vulnerability prompt to guide the analysis.
API Reference
Resources
List All Issues
Get Specific Issue
Leaderboards
Tools
submit_issue
Submit a new issue to BLT.
Parameters:
title(string, required) - Issue titledescription(string, required) - Detailed descriptionrepo_id(string, optional) - Repository IDseverity(string, optional) - One of: low, medium, high, criticaltype(string, optional) - One of: bug, vulnerability, feature, other
Example:
award_bacon
Award bacon points to a contributor.
Parameters:
contributor_id(string, required) - Contributor IDpoints(number, required) - Points to awardreason(string, required) - Reason for the award
update_issue_status
Update the status of an issue.
Parameters:
issue_id(string, required) - Issue IDstatus(string, required) - One of: open, in_progress, resolved, closed, wont_fixcomment(string, optional) - Explanation for status change
add_comment
Add a comment to an issue.
Parameters:
issue_id(string, required) - Issue IDcomment(string, required) - Comment text
Prompts
triage_vulnerability
Guides AI through vulnerability triage.
Arguments:
vulnerability_description(required) - Description of the vulnerabilityaffected_component(optional) - Affected component or system
plan_remediation
Creates remediation plans for security issues.
Arguments:
issue_id(required) - Issue ID to create plan forcontext(optional) - Additional context
review_contribution
Evaluates security contributions.
Arguments:
contribution_id(required) - Contribution IDcontribution_type(optional) - Type of contribution
Development
Watch Mode
For development, use watch mode to automatically rebuild on changes:
Project Structure
Security Considerations
API Keys: Never commit API keys to version control. Use environment variables.
Access Control: Ensure proper authentication is configured for production use.
Rate Limiting: Be mindful of API rate limits when making requests.
Input Validation: The server validates all inputs before sending to the BLT API.
Contributing
Contributions are welcome! Please follow these guidelines:
Fork the repository
Create a feature branch
Make your changes
Submit a pull request
License
MIT License - see LICENSE file for details
Support
For issues, questions, or contributions, please visit:
GitHub: https://github.com/OWASP-BLT/BLT-MCP
OWASP BLT: https://owasp.org/www-project-bug-logging-tool/
Acknowledgments
Built on the Model Context Protocol
Part of the OWASP BLT Project
Powered by the security community