mcp-defectdojo
by inspicere
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| LOG_LEVEL | No | Logging level | INFO |
| FASTMCP_HOST | No | Bind address for network transports | 0.0.0.0 |
| FASTMCP_PORT | No | Port for network transports | 8000 |
| REQUIRE_AUTH | No | Set to false to allow unauthenticated network access | |
| AUDIT_HMAC_KEY | No | HMAC key for audit log integrity chain | |
| AUDIT_LOG_FILE | No | Path for dedicated audit log file | |
| DEFECTDOJO_URL | Yes | Base URL of the DefectDojo instance (must use https:// unless overridden) | |
| MCP_AUTH_TOKEN | No | Legacy auth token mapping to admin role | |
| MCP_READ_TOKEN | No | Legacy read token mapping to reader role | |
| AUDIT_LOG_SYSLOG | No | Syslog destination. Format: [transport://]host[:port] | |
| FASTMCP_TRANSPORT | No | Transport mode: stdio, sse, streamable-http, http | stdio |
| AUDIT_LOG_HTTPS_CA | No | Custom CA certificate path for HTTPS TLS verification | |
| DEFECTDOJO_API_KEY | No | API key for DefectDojo (generate at DefectDojo > API v2 > Your API Key) | |
| ALLOW_INSECURE_HTTP | No | Allow http:// URLs (TLS required by default) | false |
| AUDIT_LOG_HTTPS_URL | No | HTTPS endpoint for log forwarding | |
| AUDIT_LOG_SYSLOG_CA | No | Custom CA certificate for syslog TLS verification | |
| MUTATION_RATE_LIMIT | No | Max mutations per rate window per authenticated caller | 60 |
| MUTATION_RATE_WINDOW | No | Rate window in seconds | 60 |
| AUDIT_LOG_HTTPS_TOKEN | No | Bearer token for HTTPS endpoint authentication | |
| DEFECTDOJO_READ_API_KEY | No | Read-only API key (used for GET requests) | |
| DEFECTDOJO_WRITE_API_KEY | No | Write API key (used for POST/PATCH requests) | |
| AUDIT_LOG_HTTPS_BATCH_SIZE | No | Number of log records per HTTPS batch | 10 |
| AUDIT_LOG_HTTPS_FLUSH_SECS | No | Seconds before flushing a partial batch | 5 |
| UNTRUSTED_CONTENT_WRAPPING | No | Read-side wrapping kill-switch. on/off | on |
| DEFECTDOJO_DEFAULT_FOUND_BY_ID | No | Finding type ID used in create_finding payloads | 1 |
| OPEN_ACCESS_MUTATION_RATE_LIMIT | No | Max mutations per rate window across all unauthenticated traffic | 10 |
Capabilities
Server capabilities have not been inspected yet.
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
No tools | |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/inspicere/mcp-defectdojo'
If you have feedback or need assistance with the MCP directory API, please join our Discord server