MCP.so
Sign In
Servers

Cycode

@cycodehq

Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning

Overview

What is Cycode?

Cycode is an MCP server that exposes Cycode's scanning capabilities to AI systems via the Model Context Protocol. It allows AI models to interact with Cycode CLI tools for security scanning.

How to use Cycode?

Install the Cycode CLI globally (pip install cycode or brew install cycode), authenticate with cycode auth, then start the server with the command cycode mcp. The server supports stdio, sse, and streamable-http transports.

Key features of Cycode

  • Exposes Cycode scanning tools to AI systems via MCP.
  • Supports three transport types: stdio, SSE, streamable-http.
  • Provides five scanning and status tools.
  • Configurable host and port for non-stdio transports.
  • Requires Python 3.10 or later.
  • Debug logging available via -v or environment variable.

Use cases of Cycode

  • Scan files for hardcoded secrets using cycode_secret_scan.
  • Perform Software Composition Analysis for vulnerabilities and license issues.
  • Detect Infrastructure as Code misconfigurations.
  • Run Static Application Security Testing for code quality and security flaws.
  • Check Cycode CLI version, authentication status, and configuration.

FAQ from Cycode

What Python versions are supported?

The MCP command is available only for Python 3.10 and above.

What authentication is required?

You must authenticate Cycode CLI using cycode auth or configure CYCODE_CLIENT_ID and CYCODE_CLIENT_SECRET environment variables.

How do I start the server with different transports?

Use -t option: cycode mcp -t stdio, cycode mcp -t sse -p 8080, or cycode mcp -t streamable-http -H 0.0.0.0 -p 9000.

Can I run the server in the background?

Yes, for SSE or streamable-HTTP transports you can start the server with & and then configure the client URL.

Where can I find debug logs?

Enable debug logging with cycode -v mcp or set CYCODE_CLI_VERBOSE=1.

Tags

More from Developer Tools