MCP.so
ログイン
D

DevSecOps Mcp

@jmstar85

DevSecOps Mcp について

A comprehensive Model Context Protocol (MCP) server that integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Software Composition Analysis (SCA) tools for AI-powered DevSecOps aut

基本情報

カテゴリ

その他

トランスポート

stdio

公開者

jmstar85

投稿者

Chris Jung

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "devsecops": {
      "command": "node",
      "args": [
        "dist/src/mcp/server.js"
      ],
      "cwd": "/path/to/DevSecOps-MCP",
      "env": {
        "NODE_ENV": "production",
        "MCP_PORT": "3000",
        "LOG_LEVEL": "info",
        "SECURITY_STRICT_MODE": "true"
      }
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is DevSecOps Mcp?

DevSecOps Mcp is an MCP server that provides a suite of security scanning tools for SAST, DAST, SCA, and IAST analysis, along with security report generation and policy validation. It is built for developers and security teams who want to integrate automated security testing into their CI/CD pipelines.

How to use DevSecOps Mcp?

The server exposes MCP tools that are invoked by an MCP client with the required input parameters (e.g., target path, scan type, tool selection). The README also includes test scripts (e.g., node test-all-security.js) for verifying functionality.

Key features of DevSecOps Mcp

  • Execute SAST scans with rules and severity thresholds.
  • Run DAST scans with configurable scan types and authentication.
  • Perform SCA dependency scans across multiple package managers.
  • Conduct IAST‑like security analysis in different environments.
  • Generate comprehensive security reports in JSON, HTML, PDF, or SARIF.
  • Validate security policies against scan results.
  • Proven accuracy: SAST 95%+, DAST 100%, SCA 100%, IAST 90%+.
  • OWASP Top 10 coverage and 20+ CWE types detected.

Use cases of DevSecOps Mcp

  • Automate static code analysis in a development workflow.
  • Scan live web applications for runtime vulnerabilities.
  • Check open‑source dependencies for known vulnerabilities.
  • Produce detailed security reports with remediation guidance.
  • Enforce security policy compliance across projects.

FAQ from DevSecOps Mcp

What security scans does DevSecOps Mcp support?

It supports SAST, DAST, SCA, and IAST scans, each with configurable parameters.

Which security tools are integrated?

SAST can use SonarQube, Semgrep, or auto‑select. SCA uses osv‑scanner, Trivy, npm‑audit, or auto. IAST supports Trivy and OWASP ZAP.

What are the verified accuracy rates?

SAST: 95%+ accuracy; DAST: 100%; SCA: 100%; IAST: 90%+ (simulated). All tests were performed on 2025-07-06.

Does it cover the OWASP Top 10?

Yes, 100% coverage of the OWASP Top 10 has been confirmed.

Which programming languages are supported?

JavaScript and Python are fully verified.

コメント

「その他」の他のコンテンツ