Provides access to OWASP Cheat Sheets content, enabling search capabilities and retrieval of security best practices from the OWASP Cheat Sheet Series repository.
owasp_cheatsheets_mcp_server
A minimal Model Context Protocol (MCP) compatible server providing the OWASP Cheat Sheets.
The server uses FastAPI to expose a simple HTTP API that returns the contents of the cheat sheets from the OWASP Cheat Sheet Series.
Prerequisites
Python 3.8 or newer
Git (for cloning the cheat sheet repository on first run)
Usage
Install requirements:
    pip install -r requirements.txt
(Optional) Set CHEATSHEETS_DIR if you already have a local copy of the cheat sheets:
    export CHEATSHEETS_DIR=/path/to/CheatSheetSeries/cheatsheets
Run the server with uvicorn:
    uvicorn server.app:app --reload
If CHEATSHEETS_DIR is not set, the server will clone the cheat sheet repository on first start (requires network access).
Endpoints
GET /health – Basic health check.
GET /cheatsheets – List available cheat sheet files.
GET /cheatsheets/{name} – Retrieve a specific cheat sheet.
GET /search?q=term – Search cheat sheets for a term and return matching file names.
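A containment check for the name passed to GET /cheatsheets/{name}, so that a request can only ever return a file under CHEATSHEETS_DIR. This is an added example, not this project's code: the function resolve_cheatsheet, the exception type and the sample directory tree are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path


class CheatSheetNotFound(Exception):
    """Raised when a requested name does not map to a file inside the base directory."""


def resolve_cheatsheet(base_dir: Path, name: str) -> Path:
    """Map a client-supplied name to a file that is guaranteed to live under base_dir."""
    base = base_dir.resolve()
    # Reject empty names and NUL bytes before touching the filesystem.
    if not name or "\x00" in name:
        raise CheatSheetNotFound(name)
    # resolve() collapses ".." segments and follows symlinks, so the containment
    # check below applies to the real target, not to the string that was sent.
    # An absolute name replaces the base when joined and fails the same check.
    candidate = (base / name).resolve()
    if base not in candidate.parents or not candidate.is_file():
        raise CheatSheetNotFound(name)
    return candidate


def demo() -> dict:
    """Build a constructed directory tree and try several constructed names against it."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sheets = root / "cheatsheets"  # stands in for CHEATSHEETS_DIR
        sheets.mkdir()
        (sheets / "Input_Validation_Cheat_Sheet.md").write_text("# Input Validation\n")
        (root / "secret.txt").write_text("outside the served directory\n")
        for name in ("Input_Validation_Cheat_Sheet.md", "../secret.txt",
                     str(root / "secret.txt"), "missing.md", ""):
            try:
                results[name] = resolve_cheatsheet(sheets, name).name
            except CheatSheetNotFound:
                results[name] = None
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(repr(name), "->", outcome)
```

In a handler, CheatSheetNotFound would map to a single 404 response for every rejected name, so the response does not reveal whether a path outside the directory exists.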
Running in production
Use uvicorn with explicit host and port when deploying:
For a real deployment consider a process manager such as systemd or running behind a reverse proxy.
Contributing
Pull requests are welcome. Tests can be added under a tests/ directory using pytest.
This implementation is a simplified example of an MCP server and may not cover the entire specification.