DefectDojo MCP Server

Instructions

Implementation Reference

• src/defectdojo/findings_tools.py:6-40 (handler)

  The handler function for the 'get_findings' MCP tool. It processes input parameters into filters, calls the DefectDojo client to fetch findings, and formats the response with status and data/error handling.
  async def get_findings(product_name: Optional[str] = None, status: Optional[str] = None, severity: Optional[str] = None, limit: int = 20, offset: int = 0) -> Dict[str, Any]: """Get findings with optional filters and pagination. Args: product_name: Optional product name filter status: Optional status filter severity: Optional severity filter limit: Maximum number of findings to return per page (default: 20) offset: Number of records to skip (default: 0) Returns: Dictionary with status, data/error, and pagination metadata """ filters = {} if product_name: filters["product_name"] = product_name if status: filters["status"] = status if severity: filters["severity"] = severity if limit: filters["limit"] = limit if offset: filters["offset"] = offset client = get_client() result = await client.get_findings(filters) if "error" in result: return {"status": "error", "error": result["error"], "details": result.get("details", "")} return {"status": "success", "data": result}
• src/defectdojo/tools.py:32-35 (registration)

  Registration of the 'get_findings' tool with the MCP server using mcp.tool decorator, specifying name and description, and binding the handler function.
  mcp.tool( name="get_findings", description="Get findings with filtering options and pagination support" )(get_findings)
• src/defectdojo/client.py:43-45 (helper)

  Helper method in DefectDojoClient that performs the actual API request to retrieve findings, called by the tool handler.
  async def get_findings(self, filters: Optional[Dict[str, Any]] = None) -> Dict[str, Any]: """Get findings with optional filters.""" return await self._request("GET", "/api/v2/findings/", params=filters)
• src/defectdojo/findings_tools.py:44-88 (helper)

  Alternative or module-level registration function for finding tools, including 'get_findings', though the main registration is in tools.py.
  def register_tools(mcp): """Register finding-related tools with the MCP server instance.""" mcp.tool(name="get_findings", description="Get findings with filtering options and pagination support")(get_findings) mcp.tool(name="search_findings", description="Search for findings using a text query with pagination support")(search_findings) mcp.tool(name="update_finding_status", description="Update the status of a finding (Active, Verified, False Positive, Mitigated, Inactive)")(update_finding_status) mcp.tool(name="add_finding_note", description="Add a note to a finding")(add_finding_note) mcp.tool(name="create_finding", description="Create a new finding")(create_finding) async def search_findings(query: str, product_name: Optional[str] = None, status: Optional[str] = None, severity: Optional[str] = None, limit: int = 20, offset: int = 0) -> Dict[str, Any]: """Search for findings using a text query with pagination. Args: query: Text to search for in findings product_name: Optional product name filter status: Optional status filter severity: Optional severity filter limit: Maximum number of findings to return per page (default: 20) offset: Number of records to skip (default: 0) Returns: Dictionary with status, data/error, and pagination metadata """ filters = {} if product_name: filters["product_name"] = product_name if status: filters["status"] = status if severity: filters["severity"] = severity if limit: filters["limit"] = limit if offset: filters["offset"] = offset client = get_client() result = await client.search_findings(query, filters) if "error" in result: return {"status": "error", "error": result["error"], "details": result.get("details", "")} return {"status": "success", "data": result}