BitSight Community MCP Server

by boecht

A Model Context Protocol (MCP) server that provides access to BitSight security rating data. It utilizes FastMCP and the brandon-smith-187/bitsight Python library. It can be run easily without installation in a temporary, isolated Python environment with uv.

Installation

Configuration

Set these environment variables:

  • BST_API_KEY (required): Your BitSight API key

  • DEBUG (optional): Enable debug logging (true, false, default: false)

export BST_API_KEY="your-bitsight-api-key"

Run directly from GitHub with uvx

uvx --from git+https://github.com/boecht/birre server.py

Or run locally

git clone https://github.com/boecht/birre
cd birre
uv run server.py

That's it! The script will automatically install all dependencies using PEP 723 inline metadata.

Alternatively, run with fastmcp for more options, such as HTTP transport.

Disclaimer

This project is not affiliated with, endorsed by, or sponsored by BitSight Technologies, Inc. This is an unofficial, community-developed MCP server that provides integration with Bitsight's publicly available services.

  • This project is developed and maintained independently by the open source community

  • "Bitsight" is a registered trademark of BitSight Technologies, Inc.

  • This integration is provided "as-is" without any warranty or official support from BitSight Technologies, Inc.

This project enables third-party access to Bitsight services through their public APIs and is intended for educational and integration purposes only.

Features

Version 1.0 (MVP)

  • Company Search: Search for companies by name or domain

  • Company Rating: Get security ratings with automatic subscription management

  • Ephemeral Subscriptions: Automatically subscribe and unsubscribe for one-time rating requests

  • Structured Error Handling: Clear error responses for API issues and quota limits

  • uv/uvx Compatible: Run easily with uv using PEP 723 inline script metadata

Available Tools

Search for companies in the BitSight database.

Parameters:

  • name (optional): Company name to search for

  • domain (optional): Company domain to search for

Returns:

  • companies: List of matching companies with GUID, name, domain, and industry

  • count: Total number of matches

  • search_term: The term used for searching

Example:

{
  "companies": [
    {
      "guid": "e90b389b-0b7e-4722-9411-97d81c8e2bc6",
      "name": "GitHub, Inc.",
      "domain": "github.com",
      "industry": "Technology"
    },
    ...
  ],
  "count": 4,
  "search_term": "GitHub"
}

get_company_rating

Get security rating for a company by GUID. Automatically manages BitSight subscriptions.

Parameters:

  • guid (required): BitSight GUID of the company

Returns:

  • rating: Current security rating (0-900 scale)

  • rating_date: Date of the rating

  • grade: Letter grade (A, B, C, D, F)

  • company_name: Name of the company

  • auto_subscribed: Boolean indicating if auto-subscription was performed

  • auto_unsubscribed: Boolean indicating if auto-unsubscription was performed

Example:

{
  "rating": 740,
  "rating_date": "2025-08-26",
  "grade": "A",
  "company_name": "GitHub, Inc.",
  "auto_subscribed": true,
  "auto_unsubscribed": true
}
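
The ephemeral subscription flow described for get_company_rating, sketched as an added example that is not the project's own code. InMemoryClient, its methods, QuotaExceeded and the error dictionary shape are hypothetical stand-ins for the BitSight API, and the sample data is constructed from the README example above.

```python
class QuotaExceeded(Exception):
    """Raised by the stand-in client when no subscription slots remain."""


class InMemoryClient:
    """Hypothetical stand-in for a BitSight API client (constructed data)."""

    def __init__(self, slots=1):
        self.slots = slots
        self.subscribed = set()
        self.ratings = {  # constructed sample, mirrors the README example
            "e90b389b-0b7e-4722-9411-97d81c8e2bc6": {
                "rating": 740, "rating_date": "2025-08-26",
                "grade": "A", "company_name": "GitHub, Inc."},
        }

    def subscribe(self, guid):
        if len(self.subscribed) >= self.slots:
            raise QuotaExceeded("no subscription slots left")
        self.subscribed.add(guid)

    def unsubscribe(self, guid):
        self.subscribed.discard(guid)

    def get_rating(self, guid):
        if guid not in self.subscribed:
            raise PermissionError("not subscribed to " + guid)
        return dict(self.ratings[guid])  # KeyError for unknown GUIDs


def get_company_rating(client, guid):
    """Fetch a rating, holding a subscription only for this call."""
    auto_subscribed = guid not in client.subscribed
    try:
        if auto_subscribed:
            client.subscribe(guid)
        result = client.get_rating(guid)
    except QuotaExceeded as exc:  # assumed error shape, not the project's
        return {"error": "quota_exceeded", "detail": str(exc)}
    except KeyError:
        return {"error": "unknown_guid", "guid": guid}
    finally:
        # Release the slot only if this call took it; runs on errors too,
        # so a failed lookup never leaves a subscription behind.
        if auto_subscribed:
            client.unsubscribe(guid)
    result["auto_subscribed"] = auto_subscribed
    result["auto_unsubscribed"] = auto_subscribed
    return result
```

A subscription that existed before the call is left in place, so both flags come back false in that case.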

Development

Project Structure

birre/
├── server.py              # PEP 723 entry point script
├── src/
│   └── birre/
│       ├── __init__.py
│       ├── server.py      # Main FastMCP server
│       ├── config.py      # Configuration management
│       └── tools/
│           ├── __init__.py
│           ├── company_search.py
│           └── company_rating.py
├── tests/
│   ├── unit/              # Unit tests with mocked dependencies
│   └── integration/       # Integration tests with real API calls
└── requirements.txt       # Development dependencies

Future Versions

Version 2.0: Category Risk Ratings

  • Retrieve risk ratings by category/vector

  • Filter by specific risk categories

Version 3.0: Company Reports

  • Download official BitSight PDF reports

  • Handle report generation limits

Version 4.0: Database Caching

  • Daily caching of company rating data

  • Reduce duplicate API calls

Version 5.0: Multi-Tenant Service

  • Remote deployment support

  • Authentication and authorization

  • Concurrent user support

License

This project is licensed under the MIT License.
