Cycode
@cycodehq
About Cycode
Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"cycode": {
"command": "uvx",
"args": [
"cycode",
"mcp"
],
"env": {
"CYCODE_CLIENT_ID": "your-cycode-id",
"CYCODE_CLIENT_SECRET": "your-cycode-secret-key",
"CYCODE_API_URL": "https://api.cycode.com",
"CYCODE_APP_URL": "https://app.cycode.com"
}
}
}
}Tools
5Get Cycode CLI version, authentication status, and configuration information. Use this tool when you need to: - verify Cycode CLI is properly configured - check authentication status - get CLI version information - troubleshoot setup issues - confirm service connectivity Returns: JSON string containing CLI status, version, and configuration details
Scan files for hardcoded secrets. Use this tool when you need to: - scan code for hardcoded secrets, API keys, passwords, tokens - verify that code doesn't contain exposed credentials - detect potential security vulnerabilities from secret exposure Args: files: Dictionary mapping file paths to their content Returns: JSON string containing scan results and any secrets found
Scan files for Software Composition Analysis (SCA) - vulnerabilities and license issues. Use this tool when you need to: - scan dependencies for known security vulnerabilities - check for license compliance issues - analyze third-party component risks - verify software supply chain security - review package.json, requirements.txt, pom.xml and other dependency files Important: You must also include lock files (like package-lock.json, Pipfile.lock, etc.) to get accurate results. You must provide manifest and lock files together. Args: files: Dictionary mapping file paths to their content Returns: JSON string containing scan results, vulnerabilities, and license issues found
Scan files for Infrastructure as Code (IaC) misconfigurations. Use this tool when you need to: - scan Terraform, CloudFormation, Kubernetes YAML files - check for cloud security misconfigurations - verify infrastructure compliance and best practices - detect potential security issues in infrastructure definitions - review Docker files for security issues Args: files: Dictionary mapping file paths to their content Returns: JSON string containing scan results and any misconfigurations found
Scan files for Static Application Security Testing (SAST) - code quality and security flaws. Use this tool when you need to: - scan source code for security vulnerabilities - detect code quality issues and potential bugs - check for insecure coding practices - verify code follows security best practices - find SQL injection, XSS, and other application security issues Args: files: Dictionary mapping file paths to their content Returns: JSON string containing scan results and any security flaws found
Overview
What is Cycode?
Cycode is an MCP server that exposes Cycode's scanning capabilities to AI systems via the Model Context Protocol. It allows AI models to interact with Cycode CLI tools for security scanning.
How to use Cycode?
Install the Cycode CLI globally (pip install cycode or brew install cycode), authenticate with cycode auth, then start the server with the command cycode mcp. The server supports stdio, sse, and streamable-http transports.
Key features of Cycode
- Exposes Cycode scanning tools to AI systems via MCP.
- Supports three transport types: stdio, SSE, streamable-http.
- Provides five scanning and status tools.
- Configurable host and port for non-stdio transports.
- Requires Python 3.10 or later.
- Debug logging available via
-vor environment variable.
Use cases of Cycode
- Scan files for hardcoded secrets using
cycode_secret_scan. - Perform Software Composition Analysis for vulnerabilities and license issues.
- Detect Infrastructure as Code misconfigurations.
- Run Static Application Security Testing for code quality and security flaws.
- Check Cycode CLI version, authentication status, and configuration.
FAQ from Cycode
What Python versions are supported?
The MCP command is available only for Python 3.10 and above.
What authentication is required?
You must authenticate Cycode CLI using cycode auth or configure CYCODE_CLIENT_ID and CYCODE_CLIENT_SECRET environment variables.
How do I start the server with different transports?
Use -t option: cycode mcp -t stdio, cycode mcp -t sse -p 8080, or cycode mcp -t streamable-http -H 0.0.0.0 -p 9000.
Can I run the server in the background?
Yes, for SSE or streamable-HTTP transports you can start the server with & and then configure the client URL.
Where can I find debug logs?
Enable debug logging with cycode -v mcp or set CYCODE_CLI_VERBOSE=1.
More Developer Tools MCP servers
test
cloudwegoThe ultimate LLM/AI application development framework in Go.
MCP Framework
QuantGeekDevThe Typescript MCP Framework
JetBrains MCP Proxy Server
JetBrainsA model context protocol server to work with JetBrains IDEs: IntelliJ, PyCharm, WebStorm, etc. Also, works with Android Studio
Deepwiki MCP Server
regenrek📖 MCP server for fetch deepwiki.com and get latest knowledge in Cursor and other Code Editors
Grafana MCP server
grafanaMCP server for Grafana
Comments