Skip to main content
Glama
Sign In
enesjakozh

GHAS MCP server (GitHub Advanced Security)

by rajbos
GitHub
TypeScript
5
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

ghas-mcp-server

MCP server to make calls to GHAS for GitHub repositories.

Currently this has the following tools that are supported:

  • list_dependabot_alerts: List all dependabot alerts for a repository
  • list_secret_scanning_alerts: List all secret scanning alerts for a repository
  • list_code_scanning_alerts: List all code scanning alerts for a repository

Make sure to add these three scopes (read only) to the configured PAT and for the correct organization as well!

Install in VS Code and VS Code Insiders

Use the buttons to install the server in your VS Code or VS Code Insiders environment. Make sure to read the link before you trust it! The links go to vscode.dev and insiders.vscode.dev and contain instructions to install the server.

VS Code will let you see the configuration before anything happens:

Example configuration

Add the configurations below to your MCP config in the editor.

Secure option: use the authenticated GitHub CLI

Instead of storing a Personal Access Token (see next section), you can also use the authenticated GitHub CLI. This will use the credentials you have configured in your GitHub CLI. This is useful when you have the GitHub CLI installed and already authenticated.

To use the GitHub CLI for authentication, follow the steps below:

  • Add "GITHUB_PERSONAL_ACCESS_TOKEN_USE_GHCLI": "true" to your environment variables.
  • Ensure you have the GitHub CLI installed and authenticated by running gh auth login.

Configuration:

{ "mcp": { "inputs": [ ] }, "servers": { "ghas-mcp-server": { "command": "npx", "args": [ "-y", "@rajbos/ghas-mcp-server" ], "env": { "GITHUB_PERSONAL_ACCESS_TOKEN_USE_GHCLI": "true" } } } }

Configuration with a personal access token

For VS Code it would look like this:

{ "mcp": { "inputs": [ { "id": "github_personal_access_token", "description": "GitHub Personal Access Token", "type": "promptString", "password": true } ] }, "servers": { "ghas-mcp-server": { "command": "npx", "args": [ "-y", "@rajbos/ghas-mcp-server" ], "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_personal_access_token}" } } } }

Results

Contributing

Contributions are welcome! If you have ideas for new tools or improvements, please open an issue or submit a pull request.

Quick Start

# Install dependencies npm install # Build the project npm run build

Project Structure

ghas-mcp-server/ ├── src/ │ ├── operations/ # MCP Tools │ │ └── security.ts │ └── index.ts # Server entry point ├── package.json └── tsconfig.json

Adding Components

The project comes with the GHAS tools in src/operations/security.ts.

Building

  1. Make changes to your tools
  2. Run npm run build to compile
  3. The server will automatically load your tools on startup

Testing the local build

You can test your local build by configuring the locally build version with the following MCP config:

"servers": { "ghas-mcp-server": { "command": "node", "args": [ "C:/Users/RobBos/Code/Repos/rajbos/ghas-mpc-server/dist/index.js" ], "env": { "GITHUB_PERSONAL_ACCESS_TOKEN_USE_GHCLI": "true" } } }

Don't forget to change the path to your local build and build the project first!

Learn More

This server cannot be installed

-
security - not tested
-
license - not tested
-
quality - not tested

hybrid server

The server is able to function both locally and remotely, depending on the configuration or use case.

This server integrates with GitHub Advanced Security to load security alerts and bring it into your context. Supports Dependabot Security Alerts, Secret Scanning Alerts, Code Security Alerts

  1. Install in VS Code and VS Code Insiders
    1. Example configuration
      1. Secure option: use the authenticated GitHub CLI
      2. Configuration with a personal access token
    2. Results
      1. Contributing
        1. Quick Start
        2. Project Structure
        3. Adding Components
        4. Building
        5. Learn More

      Related MCP Servers

      • mcp-snyk

        Sladey01
        -
        security
        F
        license
        -
        quality
        A standalone Model Context Protocol server for Snyk security scanning functionality.
        Last updated -
        2
        1
        JavaScript

      • ClickUp MCP Server

        Nazruden
        A
        security
        A
        license
        A
        quality
        This server integrates AI assistants with ClickUp workspaces, enabling task, team, list, and board management through a secure OAuth2 authentication process.
        Last updated -
        5
        5
        TypeScript
        MIT License
        • Apple

      • GitHub MCP Server

        timbuchinger
        -
        security
        F
        license
        -
        quality
        Enables interaction with GitHub issues via the Model Context Protocol, allowing users to list and create issues with secure authentication.
        Last updated -
        Python

      • Snyk MCP Server

        sammcj
        -
        security
        F
        license
        -
        quality
        A standalone server enabling Snyk security scanning through the Model Context Protocol, with support for repository and project analysis, token verification, and CLI integration.
        Last updated -
        1
        JavaScript

      View all related MCP servers

      Appeared in Searches

      New MCP Servers

      ID: ko542m3922