SD Elements MCP Server

List all projects in SD Elements

Get details of a specific project. Use list_countermeasures to see countermeasures for a project, not this tool.

List all available profiles in SD Elements

List all available risk policies in SD Elements

Get details of a specific risk policy

Create a new project in SD Elements. If name is not specified, prompts user to provide it. If profile is not specified, attempts to detect it from project name/description (e.g., 'mobile project' → Mobile profile). If detection fails, prompts user to select from available profiles.

Update an existing project (name, description, status, or risk_policy). Use when user says 'update', 'change', 'modify', or 'rename'. Do NOT use for 'archive', 'delete', or 'remove' - use delete_project instead.

IMPORTANT: risk_policy must be the numeric ID of the risk policy (e.g., 1, 2, 3), not the name. Use list_risk_policies to find the correct ID.

Delete a project. Use when user says 'delete', 'remove', 'archive', or wants to permanently remove a project. Do NOT use update_project for archiving.

Create application and project in SD Elements. Returns the project survey structure with all available questions and answers.

IMPORTANT: Before determining survey answers, the AI client MUST search the workspace codebase for evidence of survey answers and security requirements.

List all applications

Get details of a specific application

Create a new application

Update an existing application

List all business units

Get details of a specific business unit

List all countermeasures for a project. Use this to see countermeasures associated with a project, not get_project which returns project details.

Get details of a SPECIFIC countermeasure by its ID. Use this when the user asks about a particular countermeasure (e.g., "countermeasure 123", "T21", "countermeasure 456"). Accepts countermeasure ID as integer (e.g., 21) or string (e.g., "T21" or "31244-T21"). Filter by risk relevance - if true, only return risk-relevant countermeasures. Defaults to true. Do NOT use this tool when the user asks about available status choices or what statuses are valid - use get_task_status_choices instead.

Update a countermeasure (status or notes). Use when user says 'update status', 'mark as complete', or 'change status'. Do NOT use for 'add note', 'document', or 'note' - use add_countermeasure_note instead. Accepts countermeasure ID as integer (e.g., 21) or string (e.g., "T21" or "31244-T21").

Status can be provided as name (e.g., 'Complete', 'Not Applicable'), slug (e.g., 'DONE', 'NA'), or ID (e.g., 'TS1'). The tool will automatically resolve names/slugs to the correct status ID required by the API.

IMPORTANT: The 'notes' parameter sets a status_note, which is only saved when the status actually changes. If the countermeasure already has the target status, use add_countermeasure_note instead to add a note, or change the status to a different value first, then back to the target status to trigger saving the status_note.

Add a note to a countermeasure. Use when user says 'add note', 'document', 'note that', 'record that', or wants to add documentation. Use update_countermeasure if user wants to change status. Accepts countermeasure ID as integer (e.g., 21) or string (e.g., "T21" or "31244-T21").

IMPORTANT: Use this tool when adding notes to countermeasures that already have the target status. The update_countermeasure tool's 'notes' parameter only saves status_note when the status actually changes. For countermeasures that already have the desired status, always use add_countermeasure_note to ensure the note is saved.

Get the complete list of ALL available task status choices. Returns all valid status values that can be used when updating countermeasures (e.g., 'Complete', 'Not Applicable', 'In Progress', 'DONE', 'NA'). Use this tool when the user asks: "What task statuses are available?", "What statuses can I use?", "Show me valid status values", "What status values are valid for countermeasures?", or any question about available/valid status options. Task statuses are standardized across all projects. This tool returns the list of possible statuses, NOT the status of a specific countermeasure. For a specific countermeasure's status, use get_countermeasure instead.

Get the complete survey structure for a project (all available questions and ALL possible answers). Use this to see what survey questions exist and what answers are available. Use get_survey_answers_for_project to see only the answers that are currently selected for a project.

Update project survey with answer IDs. Selects answers in 'answers' list and optionally deselects answers in 'answers_to_deselect' list.

Find survey answers by text

Set/REPLACE all project survey answers by text. This REPLACES all existing answers with the new ones. Use ONLY when user wants to completely replace all answers. Use add_survey_answers_by_text if user says 'add' or wants to keep existing answers.

If replace_all is True (default), deselects all current answers not in the new list. If False, only selects the new answers without deselecting existing ones.

Remove survey answers by text. This explicitly deselects the specified answers while keeping all other answers unchanged.

ADD survey answers by text to existing answers. Use when user says 'add', 'include', or wants to add to existing answers. This ADDS new answers while preserving all existing ones. Use set_project_survey_by_text ONLY if user explicitly wants to REPLACE all answers.

Get the survey answers FOR A PROJECT that are currently selected/assigned. Use when user asks 'show me the survey answers for project X', 'what answers are set for project', 'survey answers for project', or 'current answers for project'. Returns only the answers that are currently selected for the project, not all available answers. Use get_project_survey to see the full survey structure with all available questions and answers.

Commit the survey draft to publish the survey and generate countermeasures

Add a comment to a survey question. Use this to explain why specific answers were selected for a question, providing context and justification for survey answer choices.

This is especially useful when setting project survey answers to document the reasoning behind answer selections.

Example: Add a comment to question Q1 in project 123 explaining that Python was selected because the project uses Django.

List all users

Get details of a specific user

Get current authenticated user

List repository scan connections

Scan a repository

Get status of a repository scan

List repository scans

List diagrams for a project

Get details of a specific diagram

Create a new diagram

Update a diagram

Delete a diagram

List all advanced reports

Get details of a specific advanced report

Update an existing advanced report. Provide only the fields you want to update. The query and chart_meta parameters can be JSON strings or objects.

Run an advanced report

Create a new advanced report. The query parameter can be a JSON string or object with schema, dimensions, measures, filters, order, and limit. The chart_meta parameter can be a JSON string or object if provided.

Example query: {"schema": "application", "dimensions": ["Project.name"], "measures": ["Task.count"]} Example chart_meta: {"columnOrder": ["Project.name", "Task.count"]}

Execute a Cube API query for advanced analytics. The query parameter can be a JSON string or object.

Query structure (see https://docs.sdelements.com/master/cubeapi/):

• schema: Required. One of: activity, application, countermeasure, integration, library, project_survey_answers, training, trend_application, trend_projects, trend_tasks, user

• dimensions: Required. Array like ["Application.name", "Project.id"]

• measures: Required. Array like ["Project.count", "Task.completeCount"]

• filters: Optional. Array of objects with member, operator (equals/contains/gt/etc), values

• order: Optional. 2D array like [["Application.name", "asc"], ["Project.count", "desc"]]

• limit: Optional. Number to limit results

• time_dimensions: Optional. For Trend Reports only (trend_application, trend_projects, trend_tasks)

Example: {"schema": "application", "dimensions": ["Application.name"], "measures": ["Project.count"], "limit": 10}

Make a generic API request to a custom endpoint. Use when user says 'make a GET/POST/PUT/DELETE request', 'call API endpoint', or 'custom API call'. Do NOT use for specific operations - use dedicated tools like get_project instead.

Test the connection to SD Elements API. Use this to verify API connectivity and credentials, not for making API calls.