DefectDojo MCP Server

by jamiesonio

create_engagement

Initiate a new engagement in DefectDojo by defining product details, target timelines, and status to manage vulnerability assessments effectively.

Instructions

Create a new engagement

Input Schema

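| Name | Required | Description | Default |
|------|----------|-------------|---------|
| branch_tag | No | | |
| build_id | No | | |
| commit_hash | No | | |
| deduplication_on_engagement | No | | |
| description | No | | |
| engagement_type | No | | |
| lead_id | No | | |
| name | Yes | | |
| product_id | Yes | | |
| status | Yes | | |
| tags | No | | |
| target_end | Yes | | |
| target_start | Yes | | |
| version | No | | |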

Implementation Reference

  • The primary handler function for the 'create_engagement' MCP tool. It validates input parameters, constructs the API payload, calls the DefectDojo client to create the engagement, and returns a structured success/error response.
    async def create_engagement(
        product_id: int,
        name: str,
        target_start: str,
        target_end: str,
        status: str,
        lead_id: int = None,
        description: str = None,
        version: str = None,
        build_id: str = None,
        commit_hash: str = None,
        branch_tag: str = None,
        engagement_type: str = None,
        deduplication_on_engagement: bool = None,
        tags: list = None,
    ):
        """
        Creates a new engagement in DefectDojo.
    
        Args:
            product_id: ID of the product.
            name: Name of the engagement.
            target_start: Start date (YYYY-MM-DD).
            target_end: End date (YYYY-MM-DD).
            status: Engagement status ('Not Started', 'Blocked', 'Cancelled', 'Completed', 'In Progress', 'On Hold', 'Waiting for Resource').
            lead_id: Optional ID of the engagement lead (user ID).
            description: Optional engagement description.
            version: Optional product version tested.
            build_id: Optional build ID.
            commit_hash: Optional commit hash.
            branch_tag: Optional branch or tag.
            engagement_type: Optional engagement type ('Interactive' or 'CI/CD').
            deduplication_on_engagement: Optional flag to enable deduplication within this engagement.
            tags: Optional list of tags.
    
        Returns:
            JSON response from the API.
        """
        # endpoint = "/api/v2/engagements/" # Endpoint handled by client method
        valid_statuses = ["Not Started", "Blocked", "Cancelled", "Completed", "In Progress", "On Hold", "Waiting for Resource"]
        if status not in valid_statuses:
            # Use raise ValueError for internal validation errors
            raise ValueError(f"Invalid status '{status}'. Must be one of: {', '.join(valid_statuses)}")
    
        # Validate engagement_type if provided ("is not None" so an empty
        # string is rejected here instead of being forwarded to the API)
        if engagement_type is not None and engagement_type not in ["Interactive", "CI/CD"]:
            raise ValueError(f"Invalid engagement_type '{engagement_type}'. Must be 'Interactive' or 'CI/CD'.")
    
        data = {
            "product": product_id,
            "name": name,
            "target_start": target_start,
            "target_end": target_end,
            "status": status, # Use API expected casing directly
        }
        # Add optional fields cleanly
        if lead_id is not None: data["lead"] = lead_id
        if description is not None: data["description"] = description
        if version is not None: data["version"] = version
        if build_id is not None: data["build_id"] = build_id
        if commit_hash is not None: data["commit_hash"] = commit_hash
        if branch_tag is not None: data["branch_tag"] = branch_tag
        if engagement_type is not None: data["engagement_type"] = engagement_type
        if deduplication_on_engagement is not None: data["deduplication_on_engagement"] = deduplication_on_engagement
        if tags is not None: data["tags"] = tags # Assumes API accepts list directly
    
        client = get_client()
        result = await client.create_engagement(data)
    
        # Return structured response
        if "error" in result:
            return {"status": "error", "error": result["error"], "details": result.get("details", "")}
    
        return {"status": "success", "data": result}
  • Main registration of the 'create_engagement' tool using mcp.tool() in the central tools.py registration function. Imports the handler from engagements_tools.py.
    mcp.tool(
        name="create_engagement",
        description="Create a new engagement in DefectDojo"
        # Schema inferred from type hints and docstring
    )(create_engagement)
  • Modular registration function in engagements_tools.py that registers the 'create_engagement' tool (along with related engagement tools). This may be called internally or for testing.
    def register_tools(mcp):
        """Register engagement-related tools with the MCP server instance."""
        mcp.tool(name="list_engagements", description="List engagements with optional filtering and pagination support")(list_engagements)
        mcp.tool(name="get_engagement", description="Get a specific engagement by ID")(get_engagement)
        mcp.tool(name="create_engagement", description="Create a new engagement")(create_engagement)
        mcp.tool(name="update_engagement", description="Update an existing engagement")(update_engagement)
        mcp.tool(name="close_engagement", description="Close an engagement")(close_engagement)
  • Helper method in DefectDojoClient that performs the actual HTTP POST request to create an engagement. Called by the tool handler.
    async def create_engagement(self, data: Dict[str, Any]) -> Dict[str, Any]:
        """Create a new engagement."""
        return await self._request("POST", "/api/v2/engagements/", json=data)
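
The handler above checks `status` and `engagement_type` but passes the dates, `product_id`, `name` and `tags` through as received. The following is an added example, not code from the DefectDojo MCP Server project, of stricter validation for arguments an agent supplies to this tool; `build_engagement_payload` and `_parse_day` are hypothetical names, and the start/end ordering check is an assumption about what a caller wants enforced before the POST.

```python
import re
from datetime import date

VALID_STATUSES = {"Not Started", "Blocked", "Cancelled", "Completed",
                  "In Progress", "On Hold", "Waiting for Resource"}
VALID_TYPES = {"Interactive", "CI/CD"}
_DATE_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")


def _parse_day(field, value):
    """Accept only a zero-padded YYYY-MM-DD string naming a real calendar day."""
    if not isinstance(value, str) or not _DATE_RE.fullmatch(value):
        raise ValueError(f"{field} must be YYYY-MM-DD, got {value!r}")
    try:
        return date.fromisoformat(value)
    except ValueError:
        raise ValueError(f"{field} is not a real calendar date: {value!r}") from None


def build_engagement_payload(product_id, name, target_start, target_end,
                             status, engagement_type=None, tags=None):
    """Hypothetical helper: validate agent-supplied arguments, return the POST body."""
    # bool is a subclass of int, so reject it explicitly
    if isinstance(product_id, bool) or not isinstance(product_id, int) or product_id < 1:
        raise ValueError("product_id must be a positive integer")
    if not isinstance(name, str) or not name.strip():
        raise ValueError("name must be a non-empty string")
    if not isinstance(status, str) or status not in VALID_STATUSES:
        raise ValueError(f"Invalid status {status!r}")
    # 'is not None' so that an empty string is rejected rather than forwarded
    if engagement_type is not None and engagement_type not in VALID_TYPES:
        raise ValueError(f"Invalid engagement_type {engagement_type!r}")
    start = _parse_day("target_start", target_start)
    end = _parse_day("target_end", target_end)
    if end < start:  # added check (assumption), not part of the page's handler
        raise ValueError("target_end is earlier than target_start")
    data = {"product": product_id, "name": name.strip(),
            "target_start": start.isoformat(), "target_end": end.isoformat(),
            "status": status}
    if engagement_type is not None:
        data["engagement_type"] = engagement_type
    if tags is not None:
        if not isinstance(tags, list) or not all(isinstance(t, str) and t for t in tags):
            raise ValueError("tags must be a list of non-empty strings")
        data["tags"] = tags
    return data
```
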
Behavior: 1/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries full burden for behavioral disclosure. 'Create a new engagement' implies a write/mutation operation, but it doesn't describe what happens upon creation (e.g., whether it returns an ID, triggers notifications, or affects other resources), any authentication or permission requirements, rate limits, or error conditions. For a creation tool with 14 parameters and no annotation coverage, this is critically inadequate.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is extremely concise—a single three-word phrase—with no wasted words. It's front-loaded with the core action ('Create'), though this brevity comes at the cost of completeness. For conciseness alone, it scores perfectly as it says nothing unnecessary, but this doesn't imply quality in other dimensions.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 1/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity (14 parameters, 5 required), lack of annotations, no output schema, and 0% schema description coverage, the description is completely inadequate. It doesn't explain what an engagement is, how to use the tool effectively, what parameters do, or what to expect upon success/failure. For a creation tool in a system with multiple engagement-related siblings, this leaves the agent with insufficient context to operate correctly.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 1/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, meaning none of the 14 parameters have descriptions in the schema. The tool description adds no information about what parameters like 'engagement_type', 'deduplication_on_engagement', or 'tags' mean, their expected formats, or how they influence the creation process. With many parameters and zero coverage, the description fails to compensate, leaving the agent to guess at semantics.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 2/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description 'Create a new engagement' is a tautology that merely restates the tool name without adding meaningful context. It doesn't specify what an 'engagement' is in this domain, what resources it involves, or how it differs from sibling tools like 'update_engagement' or 'close_engagement'. While it uses a clear verb ('create'), the resource ('engagement') remains undefined and indistinguishable from related operations.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 1/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites (e.g., needing a product_id or lead_id), when to choose 'create_engagement' over 'update_engagement' or 'close_engagement', or any constraints like permissions or timing. With multiple sibling tools for managing engagements, this lack of differentiation is a significant gap.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/jamiesonio/defectdojo-mcp'
