Integrations
Provides a Model Context Protocol (MCP) server implementation for DefectDojo (built on Django), enabling interaction with DefectDojo's vulnerability management system, including tools for managing findings, products, and engagements.
DefectDojo MCP Server
This project provides a Model Context Protocol (MCP) server implementation for DefectDojo, a popular open-source vulnerability management tool. It allows AI agents and other MCP clients to interact with the DefectDojo API programmatically.
Features
This MCP server exposes tools for managing key DefectDojo entities:
- Findings: Fetch, search, create, update status, and add notes.
- Products: List available products.
- Engagements: List, retrieve details, create, update, and close engagements.
Installation & Running
There are a couple of ways to run this server:
Using uvx
(Recommended)
uvx
executes Python applications in temporary virtual environments, installing dependencies automatically.
Using pip
You can install the package into your Python environment using pip
.
Once installed via pip, run the server using:
Configuration
The server requires the following environment variables to connect to your DefectDojo instance:
DEFECTDOJO_API_TOKEN
(required): Your DefectDojo API token for authentication.DEFECTDOJO_API_BASE
(required): The base URL of your DefectDojo instance (e.g.,https://your-defectdojo-instance.com
).
You can configure these in your MCP client's settings file. Here's an example using the uvx
command:
If you installed the package using pip
, the configuration would look like this:
Available Tools
The following tools are available via the MCP interface:
get_findings
: Retrieve findings with filtering (product_name, status, severity) and pagination (limit, offset).search_findings
: Search findings using a text query, with filtering and pagination.update_finding_status
: Change the status of a specific finding (e.g., Active, Verified, False Positive).add_finding_note
: Add a textual note to a finding.create_finding
: Create a new finding associated with a test.list_products
: List products with filtering (name, prod_type) and pagination.list_engagements
: List engagements with filtering (product_id, status, name) and pagination.get_engagement
: Get details for a specific engagement by its ID.create_engagement
: Create a new engagement for a product.update_engagement
: Modify details of an existing engagement.close_engagement
: Mark an engagement as completed.
(See the original README content below for detailed usage examples of each tool)
Usage Examples
(Note: These examples assume an MCP client environment capable of calling use_mcp_tool
)
Get Findings
Search Findings
Update Finding Status
Add Note to Finding
Create Finding
List Products
List Engagements
Get Engagement
Create Engagement
Update Engagement
Close Engagement
Development
Setup
- Clone the repository.
- It's recommended to use a virtual environment:Copy
- Install dependencies, including development dependencies:Copy
License
This project is licensed under the MIT License - see the LICENSE file for details.
Contributing
Contributions are welcome! Please feel free to open an issue for bugs, feature requests, or questions. If you'd like to contribute code, please open an issue first to discuss the proposed changes.
You must be authenticated.
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
Tools
Provides a Model Context Protocol server implementation that allows AI agents and other MCP clients to programmatically interact with DefectDojo, a vulnerability management tool, for managing findings, products, and engagements.
- Features
- Installation & Running
- Configuration
- Available Tools
- Usage Examples
- Development
- License
- Contributing
Related Resources
Related MCP Servers
- AsecurityFlicenseAqualityModel Context Protocol (MCP) server that integrates Redash with AI assistants like Claude, allowing them to query data, manage visualizations, and interact with dashboards through natural language.Last updated -105316JavaScript
- -securityAlicense-qualityA Model Context Protocol server that connects Claude and other MCP clients to Aider, enabling AI assistants to efficiently edit files, create new files, and interact with git repositories through natural language.Last updated -9PythonThe Unlicense
- -securityAlicense-qualityAn MCP server implementation that standardizes how AI applications access tools and context, providing a central hub that manages tool discovery, execution, and context management with a simplified configuration system.Last updated -9PythonMIT License
- -securityAlicense-qualityA Model Context Protocol server that enables AI assistants to search and retrieve information about security exploits and vulnerabilities from the Exploit Database, enhancing cybersecurity research capabilities.Last updated -4TypeScriptMIT License