MCP.so
Sign In
D

DevSecOps Mcp

@jmstar85

About DevSecOps Mcp

A comprehensive Model Context Protocol (MCP) server that integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Software Composition Analysis (SCA) tools for AI-powered DevSecOps aut

Basic information

Category

Other

Transports

stdio

Publisher

jmstar85

Submitted by

Chris Jung

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "devsecops": {
      "command": "node",
      "args": [
        "dist/src/mcp/server.js"
      ],
      "cwd": "/path/to/DevSecOps-MCP",
      "env": {
        "NODE_ENV": "production",
        "MCP_PORT": "3000",
        "LOG_LEVEL": "info",
        "SECURITY_STRICT_MODE": "true"
      }
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is DevSecOps Mcp?

DevSecOps Mcp is an MCP server that provides a suite of security scanning tools for SAST, DAST, SCA, and IAST analysis, along with security report generation and policy validation. It is built for developers and security teams who want to integrate automated security testing into their CI/CD pipelines.

How to use DevSecOps Mcp?

The server exposes MCP tools that are invoked by an MCP client with the required input parameters (e.g., target path, scan type, tool selection). The README also includes test scripts (e.g., node test-all-security.js) for verifying functionality.

Key features of DevSecOps Mcp

  • Execute SAST scans with rules and severity thresholds.
  • Run DAST scans with configurable scan types and authentication.
  • Perform SCA dependency scans across multiple package managers.
  • Conduct IAST‑like security analysis in different environments.
  • Generate comprehensive security reports in JSON, HTML, PDF, or SARIF.
  • Validate security policies against scan results.
  • Proven accuracy: SAST 95%+, DAST 100%, SCA 100%, IAST 90%+.
  • OWASP Top 10 coverage and 20+ CWE types detected.

Use cases of DevSecOps Mcp

  • Automate static code analysis in a development workflow.
  • Scan live web applications for runtime vulnerabilities.
  • Check open‑source dependencies for known vulnerabilities.
  • Produce detailed security reports with remediation guidance.
  • Enforce security policy compliance across projects.

FAQ from DevSecOps Mcp

What security scans does DevSecOps Mcp support?

It supports SAST, DAST, SCA, and IAST scans, each with configurable parameters.

Which security tools are integrated?

SAST can use SonarQube, Semgrep, or auto‑select. SCA uses osv‑scanner, Trivy, npm‑audit, or auto. IAST supports Trivy and OWASP ZAP.

What are the verified accuracy rates?

SAST: 95%+ accuracy; DAST: 100%; SCA: 100%; IAST: 90%+ (simulated). All tests were performed on 2025-07-06.

Does it cover the OWASP Top 10?

Yes, 100% coverage of the OWASP Top 10 has been confirmed.

Which programming languages are supported?

JavaScript and Python are fully verified.

Comments

More Other MCP servers