This MCP server enables LLMs to interact with SD Elements security development lifecycle platform through natural language commands and API integration.
Core Management Capabilities:
Project Management: List, create, update, and delete projects with full CRUD operations
Application Management: Create and manage applications within business units
Countermeasure Management: List, view, update security countermeasure status and add notes
User & Team Management: List users, business units, and organizational structure
Survey Management: Set project surveys using natural language technology names (Python, AWS, Docker) instead of answer IDs
Advanced Features:
Repository Scanning: Automatically scan GitHub/GitLab repositories to detect technologies and populate surveys
Threat Model Diagrams: Full diagram lifecycle management (requires CSM enablement)
Advanced Reporting: Execute existing reports, create custom reports, and run Cube API queries
Generic API Access: Make custom API calls (GET, POST, PUT, PATCH, DELETE) to any SD Elements endpoint
Connection Testing: Verify API connectivity and authentication
Natural Language Interface:
Add/remove technologies from surveys using plain English
Scan repositories with simple URL commands
Generate reports and analytics through conversational commands
Provides integration with SD Elements security development lifecycle platform, allowing management of projects, applications, countermeasures, tasks, surveys, phases, and milestones through the SD Elements API.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@SD Elements MCP Serverlist countermeasures for project 'mobile banking app'"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Warning This project is a work in progress. Use at your own risk.
SD Elements MCP Server
MCP server for SD Elements API v2 (STDIO only). Use it from MCP clients to manage projects, surveys, countermeasures, scans, reports, diagrams, and users.
Quick start
Required configuration
SDE_HOST:https://your-sdelements-instance.comSDE_API_KEY:your-api-key-here
Client setup (Cursor + Claude Desktop)
Both clients use the same mcpServers object — the only difference is where you paste it.
Cursor: add this under MCP settings (Cursor “MCP Servers” /
mcpServers).Claude Desktop: add this to
claude_desktop_config.json.
Pick one execution style:
Option A (recommended): run from the GitHub repo via
npx(builds on install)
Option B: run from a local checkout (build output)
Build
Local checkout build (for Option B)
Tools
Projects / profiles / risk policies:
list_projects,get_project,create_project,update_project,delete_project,create_project_from_code,list_profiles,list_risk_policies,get_risk_policyApplications:
list_applications,get_application,create_application,update_applicationBusiness units:
list_business_units,get_business_unitCountermeasures:
list_countermeasures,get_countermeasure,update_countermeasure,add_countermeasure_note,get_task_status_choicesSurveys:
get_project_survey,get_survey_answers_for_project,update_project_survey,find_survey_answers,set_project_survey_by_text,add_survey_answers_by_text,remove_survey_answers_by_text,commit_survey_draft,add_survey_question_commentScans:
list_scan_connections,scan_repository,get_scan_status,list_scansDiagrams:
list_project_diagrams,get_diagram,create_diagram,update_diagram,delete_diagramReports / Cube:
list_advanced_reports,get_advanced_report,update_advanced_report,run_advanced_report,create_advanced_report,execute_cube_queryUsers:
list_users,get_user,get_current_userGeneric:
test_connection,api_request
Notes
Missing env vars: tools will fail if
SDE_HOST/SDE_API_KEYaren’t set.
