Submit

DevSecOps Mcp

@jmstar85

Visit Server
a year ago
A comprehensive Model Context Protocol (MCP) server that integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Software Composition Analysis (SCA) tools for AI-powered DevSecOps automation.
OverviewToolsComments
Overview

DevSecOps MCP Server A comprehensive Model Context Protocol (MCP) server that integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Software Composition Analysis (SCA) tools for AI-powered DevSecOps automation.

🚀 Features SAST Integration: ✅ Semgrep, Bandit (verified) DAST Integration: ✅ OWASP ZAP (verified) IAST Integration: ✅ Trivy + OWASP ZAP hybrid (verified) SCA Integration: ✅ npm audit, OSV Scanner, Trivy (verified) Comprehensive Security Reports: JSON, HTML, PDF, SARIF formats Policy Enforcement: Configurable security thresholds and gates Docker Support: Full containerization with security tools Real-time Monitoring: Performance metrics and logging 100% Open Source: No commercial tool dependencies AI-Powered Analysis: Claude integration for intelligent security insights 🛠️ Architecture src/ ├── mcp/ │ ├── server.ts # Main MCP server │ ├── tools/ │ │ ├── sast-tool.ts # SAST integration │ │ ├── dast-tool.ts # DAST integration
│ │ ├── iast-tool.ts # IAST integration │ │ └── sca-tool.ts # SCA integration │ └── connectors/ │ ├── sonarqube.ts │ ├── zap.ts │ ├── trivy.ts │ └── osv-scanner.ts ├── config/ │ ├── security-rules.yml │ └── tool-configs.json └── tests/security/

🎯 Summary DevSecOps MCP Server is an AI-powered security automation platform verified through real-world testing:

Key Achievements ✅ 80+ real vulnerabilities detected (SAST: 60+, DAST: 5+, SCA: 20+) OWASP Top 10 100% coverage verification completed All 4 security test types integrated (SAST, DAST, IAST, SCA) Fully open source based (commercial tool dependencies removed) Claude AI integration ready Ready to Use 🚀

Setup and test in under 5 minutes

pip3 install semgrep bandit git clone && cd DevSecOps-MCP node test-all-security.js Differentiators 💡 AI Native: Natural language security analysis with Claude Proven Performance: Tested with real vulnerabilities Zero Cost: Completely free and open source Plug & Play: Ready-to-use configuration Built with security in mind for modern DevSecOps workflows 🛡️

"The future of security is AI-powered, open, and automated."

Try in Playground

Server Config

{
  "mcpServers": {
    "devsecops": {
      "command": "node",
      "args": [
        "dist/src/mcp/server.js"
      ],
      "cwd": "/path/to/DevSecOps-MCP",
      "env": {
        "NODE_ENV": "production",
        "MCP_PORT": "3000",
        "LOG_LEVEL": "info",
        "SECURITY_STRICT_MODE": "true"
      }
    }
  }
}
© 2025 MCP.so. All rights reserved.

Build with ShipAny.