MCP.so
ログイン

Bright Security Mcp

@NeuraLegion

Bright Security Mcp について

Bright's MCP repo with relevant docs

基本情報

カテゴリ

開発者ツール

トランスポート

stdio

公開者

NeuraLegion

投稿者

Or Rubin

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "brightsec.com": {
      "type": "sse",
      "url": "https://app.brightsec.com/mcp",
      "headers": {
        "Authorization": "Api-Key ${input:apiKey}"
      }
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is Bright Security Mcp?

Bright Security Mcp is a remote, cloud-hosted MCP server that brings AI‑powered application security testing into your development workflow. Your AI coding assistant can discover API endpoints, run security scans, and review vulnerabilities — all through natural language conversation. There is nothing to install locally; you simply point your MCP‑compatible client at Bright’s endpoint and authenticate with an API key.

How to use Bright Security Mcp?

  1. Create a dedicated Bright API key (personal, project, or organization‑level).
  2. Configure your MCP client (VS Code, Cursor, Windsurf, Augment Code, or any generic MCP client) to connect to https://app.brightsec.com/mcp using SSE transport with the Authorization: Api-Key YOUR_API_KEY header.
  3. Ask your AI assistant a natural language question such as “Scan https://my-app.example.com for security vulnerabilities” – the assistant will then use the available tools to perform the action.

Key features of Bright Security Mcp

  • Remote, cloud‑hosted MCP server – no local installation required.
  • Discover API endpoints via crawling or OpenAPI/Swagger definitions.
  • Run automated security scans against discovered entrypoints.
  • Manage vulnerabilities with filtering by severity and status.
  • Support for private/local applications via Bright Repeater agents.
  • Configure authentication (OAuth, headers, browser flows) for protected endpoints.

Use cases of Bright Security Mcp

  • Scan a public web application for vulnerabilities directly from your IDE.
  • Discover API endpoints from an OpenAPI specification and then scan them.
  • Scan a local or private application by setting up a repeater tunnel.
  • Check for critical and high‑severity issues in your project.
  • Run authenticated scans on APIs that require Bearer tokens or OAuth.

FAQ from Bright Security Mcp

Is Bright Security Mcp installed locally?

No. Bright Security Mcp is a remote, cloud‑hosted MCP server. You only configure your client to connect to https://app.brightsec.com/mcp and authenticate with an API key.

How do I authenticate my AI assistant with Bright?

You provide an API key in the Authorization header when configuring the MCP client. The format is Api-Key YOUR_API_KEY. The key can be personal, project, or organization‑level.

Can I scan applications that are not publicly accessible?

Yes. Bright uses Repeaters – lightweight agents that route scan traffic from Bright’s cloud through your local network. You create a repeater via the createRepeater tool and start it with the Bright CLI.

What security tests can be run?

Bright exposes various security tests (e.g., SQL injection, XSS, CSRF). You can list all available tests using the listTests tool and choose which to include in a scan.

Are there any data residency considerations?

If your organization uses a dedicated Bright cluster, replace app.brightsec.com in the server URL with your cluster’s hostname. Otherwise, all data is processed on Bright’s cloud platform.

コメント

「開発者ツール」の他のコンテンツ