armorcode-mcp
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| ARMORCODE_URL | Yes | Tenant base URL for ArmorCode | |
| ARMORCODE_API_TOKEN | Yes | API token from Manage → Integrations → API | |
| ARMORCODE_WRITE_ENABLED | No | Set 'true' to apply writes with dryRun: false | false |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| armorcode_healthA | Verify ArmorCode API connectivity. |
| armorcode_search_findingsA | Search/filter ArmorCode findings. Severity and excludeTagPrefix are applied client-side when server filters fail. Use fetchAll=true to paginate. |
| armorcode_get_findingC | Full finding details by ID. |
| armorcode_get_finding_eventsC | Audit events for a finding. |
| armorcode_confirm_findingC | Confirm Finding. dryRun defaults true. |
| armorcode_control_findingC | Control Finding. dryRun defaults true. |
| armorcode_accept_riskD | Accept Risk. dryRun defaults true. |
| armorcode_mark_false_positiveD | False Positive. dryRun defaults true. |
| armorcode_reopen_findingC | Reopen Finding. dryRun defaults true. |
| armorcode_triage_findingD | Triage Finding. dryRun defaults true. |
| armorcode_mitigate_findingC | Mitigate Finding. dryRun defaults true. |
| armorcode_suppress_findingC | Suppress Finding. dryRun defaults true. |
| armorcode_block_findingC | Block via accept-risk (fix unavailable). dryRun defaults true. |
| armorcode_add_commentC | Add comment to finding. dryRun defaults true. |
| armorcode_add_exploitability_commentD | Structured exploitable/notexploitable comment. dryRun defaults true. |
| armorcode_add_finding_tagsA | Add/remove finding tags only (no comment). For exploitability triage use armorcode_set_product_exploitability. dryRun defaults true. |
| armorcode_set_product_exploitabilityB | Triage exploitability: adds comment first, then product_exploitability tag. dryRun defaults true. |
| armorcode_bulk_set_product_exploitabilityB | Triage multiple findings: comment first, then product_exploitability tag per finding. dryRun defaults true. |
| armorcode_update_finding_severityC | Update finding severity. dryRun defaults true. |
| armorcode_get_findings_statsC | Finding counts by severity/status. |
| armorcode_get_severity_statsC | Severity breakdown for product/subproduct. |
| armorcode_list_productsC | List ArmorCode products/groups. |
| armorcode_list_subproductsC | List subproducts, optionally by product. |
| armorcode_get_product_risk_scoreC | Risk score for a product by name. |
| armorcode_get_subproduct_risk_scoreC | Risk score for a subproduct. |
| armorcode_get_all_product_risk_scoresC | Risk scores for all products. |
| armorcode_list_scansC | List security scans with filters. |
| armorcode_get_scanC | Scan details by ID. |
| armorcode_execute_scanC | Trigger scan for subproduct. dryRun defaults true. |
| armorcode_list_exceptionsC | Open risk register exceptions. |
| armorcode_get_exceptionC | Exception details by ID. |
| armorcode_create_exceptionC | Create risk register exception. dryRun defaults true. |
| armorcode_trigger_scan_pullC | Create temporary scheduler for PULL tools (e.g. Black Duck). dryRun defaults true. |
| armorcode_list_scan_schedulersD | Schedulers for a security tool. |
| armorcode_delete_scan_schedulerC | Delete scheduler config. dryRun defaults true. |
| armorcode_release_gate_statusC | Check ArmorCode release gate (/client/build). |
| armorcode_apiC | Escape hatch for any ArmorCode REST path. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/raviraj-ntp/armorcode-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server