DevSecOps Mcp
@jmstar85
DevSecOps Mcp について
A comprehensive Model Context Protocol (MCP) server that integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Software Composition Analysis (SCA) tools for AI-powered DevSecOps aut
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"devsecops": {
"command": "node",
"args": [
"dist/src/mcp/server.js"
],
"cwd": "/path/to/DevSecOps-MCP",
"env": {
"NODE_ENV": "production",
"MCP_PORT": "3000",
"LOG_LEVEL": "info",
"SECURITY_STRICT_MODE": "true"
}
}
}
}ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is DevSecOps Mcp?
DevSecOps Mcp is an MCP server that provides a suite of security scanning tools for SAST, DAST, SCA, and IAST analysis, along with security report generation and policy validation. It is built for developers and security teams who want to integrate automated security testing into their CI/CD pipelines.
How to use DevSecOps Mcp?
The server exposes MCP tools that are invoked by an MCP client with the required input parameters (e.g., target path, scan type, tool selection). The README also includes test scripts (e.g., node test-all-security.js) for verifying functionality.
Key features of DevSecOps Mcp
- Execute SAST scans with rules and severity thresholds.
- Run DAST scans with configurable scan types and authentication.
- Perform SCA dependency scans across multiple package managers.
- Conduct IAST‑like security analysis in different environments.
- Generate comprehensive security reports in JSON, HTML, PDF, or SARIF.
- Validate security policies against scan results.
- Proven accuracy: SAST 95%+, DAST 100%, SCA 100%, IAST 90%+.
- OWASP Top 10 coverage and 20+ CWE types detected.
Use cases of DevSecOps Mcp
- Automate static code analysis in a development workflow.
- Scan live web applications for runtime vulnerabilities.
- Check open‑source dependencies for known vulnerabilities.
- Produce detailed security reports with remediation guidance.
- Enforce security policy compliance across projects.
FAQ from DevSecOps Mcp
What security scans does DevSecOps Mcp support?
It supports SAST, DAST, SCA, and IAST scans, each with configurable parameters.
Which security tools are integrated?
SAST can use SonarQube, Semgrep, or auto‑select. SCA uses osv‑scanner, Trivy, npm‑audit, or auto. IAST supports Trivy and OWASP ZAP.
What are the verified accuracy rates?
SAST: 95%+ accuracy; DAST: 100%; SCA: 100%; IAST: 90%+ (simulated). All tests were performed on 2025-07-06.
Does it cover the OWASP Top 10?
Yes, 100% coverage of the OWASP Top 10 has been confirmed.
Which programming languages are supported?
JavaScript and Python are fully verified.
「その他」の他のコンテンツ
Core Philosophy: Connect, Unify, Respond
mindsdbDelegate anything. It comes back done.
MCP Go 🚀
mark3labsA Go implementation of the Model Context Protocol (MCP), enabling seamless integration between LLM applications and external data sources and tools.
FastMCP v2 🚀
jlowin🚀 The fast, Pythonic way to build MCP servers and clients.
Nginx UI
0xJackyYet another WebUI for Nginx
Unity MCP ✨
justinpbarnettUnity MCP acts as a bridge between AI assistants and your Unity Editor. Give your LLM tools to manage assets, control scenes, edit scripts, and automate tasks within Unity.
コメント