Integrations
Manages environment variables for the EPSS MCP server, specifically for storing and accessing the NVD API key required for vulnerability data retrieval.
Supports containerized deployment of the EPSS MCP server, enabling consistent runtime environments and easier integration with tools like Open-WebUI.
Enables integration with VS Code through the GitHub Copilot Labs extension, providing access to CVE details and EPSS scores directly in the development environment.
EPSS MCP Project
The EPSS MCP Project is a powerful server designed to retrieve CVE details from the NVD API and fetch EPSS scores from the EPSS server. It provides users with comprehensive vulnerability information, including CVE descriptions, CWEs, CVSS scores, and EPSS percentiles, all in one place.
Features
- Comprehensive CVE Information: Fetch detailed vulnerability data, including descriptions, CWEs, and CVSS scores, directly from the NVD API.
- EPSS Integration: Retrieve EPSS scores and percentiles to assess the likelihood of exploitation for specific vulnerabilities.
- MCP Server: Serve data through a robust and extensible MCP server for seamless integration with other tools.
- Docker Support: Easily deploy the server using Docker for a consistent and portable runtime environment.
- VS Code Compatibility: Integrate with VS Code MCP for enhanced developer workflows and real-time vulnerability insights.
Prerequisites
- Python 3.13 or higher
- Docker (optional, for containerized deployment)
- An NVD API key (add it to the
.env
file asNVD_API_KEY
)
Setup Instructions
1. Clone the Repository
2. Install Dependencies
It is recommended to use a virtual environment. You can create one using venv
or conda
. Then, install the required packages:
3. Add Your NVD API Key
Create a .env
file in the project root and add your NVD API key:
Usage
Running the MCP Server Locally
To start the MCP server locally, run:
Once the server is running, you can make requests to retrieve CVE details by specifying the CVE ID.
Example Request
To get details for a specific CVE, use the following format:
Replace <CVE-ID>
with the actual CVE identifier (e.g., CVE-2022-1234
).
Docker Deployment (for Open-WebUI)
If you want to run the MCP server in Open-WebUI, follow these steps:
1. Build the Docker Image
To build the Docker container, run:
2. Run the Docker Container
Run the container and expose it on port 8000
:
The MCP server will now be accessible at http://localhost:8000
.
WebUI Screenshot
Below is a screenshot of the MCP server running in the Open-WebUI:
Suggested System Prompt for WebUI
When using the MCP server in Open-WebUI, you can configure the following system prompt to guide interactions:
Serving to VS Code MCP
To serve the MCP server to VS Code MCP, follow these steps:
- Add the Local Server to VS Code:
Open your VS Code
settings.json
file and add the following configuration to register the local server:Note: Make sure to update theCopyargs
path to match the location of theepss_mcp.py
file on your local machine. - Connect to VS Code:
- Open VS Code.
- Install the Microsoft Copilot Labs extension if not already installed.
- Ensure the MCP server is listed and active in the extension.
- Start Using the MCP Server: Once connected, VS Code will call the Python file directly to fetch CVE details and EPSS scores.
VS Code Screenshot
Below is a screenshot of the MCP server integrated with VS Code:
Project Structure
Contributing
Contributions are welcome! Please feel free to submit a pull request or open an issue for any enhancements or bug fixes.
License
This project is licensed under the MIT License. See the LICENSE file for more details.
This server cannot be installed
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
A server that retrieves CVE details from the NVD API and fetches EPSS scores to provide comprehensive vulnerability information, including descriptions, CWEs, CVSS scores, and exploitation likelihood percentiles.
Related MCP Servers
- AsecurityAlicenseAqualityA Model Context Protocol (MCP) server for querying the CVE-Search API. This server provides comprehensive access to CVE-Search, browse vendor and product、get CVE per CVE-ID、get the last updated CVEs.Last updated -615PythonMIT License
- -securityAlicense-qualityA Model Context Protocol server implementation to query the NIST National Vulnerability Database (NVD) via its API.Last updated -PythonMIT License
- AsecurityFlicenseAqualityA Model Context Protocol server for accessing NovaCV resume services API, enabling users to generate PDF resumes, analyze resume content, convert resume text to JSON format, and get available resume templates.Last updated -41331JavaScript
- AsecurityAlicenseAqualityThe server can be utilized for secure development by listing all packages' CVEs, their affected versions and their fix versions.Last updated -32PythonMIT License