DevSecOps Mcp
@jmstar85
About DevSecOps Mcp
A comprehensive Model Context Protocol (MCP) server that integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Software Composition Analysis (SCA) tools for AI-powered DevSecOps aut
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"devsecops": {
"command": "node",
"args": [
"dist/src/mcp/server.js"
],
"cwd": "/path/to/DevSecOps-MCP",
"env": {
"NODE_ENV": "production",
"MCP_PORT": "3000",
"LOG_LEVEL": "info",
"SECURITY_STRICT_MODE": "true"
}
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is DevSecOps Mcp?
DevSecOps Mcp is an MCP server that provides a suite of security scanning tools for SAST, DAST, SCA, and IAST analysis, along with security report generation and policy validation. It is built for developers and security teams who want to integrate automated security testing into their CI/CD pipelines.
How to use DevSecOps Mcp?
The server exposes MCP tools that are invoked by an MCP client with the required input parameters (e.g., target path, scan type, tool selection). The README also includes test scripts (e.g., node test-all-security.js) for verifying functionality.
Key features of DevSecOps Mcp
- Execute SAST scans with rules and severity thresholds.
- Run DAST scans with configurable scan types and authentication.
- Perform SCA dependency scans across multiple package managers.
- Conduct IAST‑like security analysis in different environments.
- Generate comprehensive security reports in JSON, HTML, PDF, or SARIF.
- Validate security policies against scan results.
- Proven accuracy: SAST 95%+, DAST 100%, SCA 100%, IAST 90%+.
- OWASP Top 10 coverage and 20+ CWE types detected.
Use cases of DevSecOps Mcp
- Automate static code analysis in a development workflow.
- Scan live web applications for runtime vulnerabilities.
- Check open‑source dependencies for known vulnerabilities.
- Produce detailed security reports with remediation guidance.
- Enforce security policy compliance across projects.
FAQ from DevSecOps Mcp
What security scans does DevSecOps Mcp support?
It supports SAST, DAST, SCA, and IAST scans, each with configurable parameters.
Which security tools are integrated?
SAST can use SonarQube, Semgrep, or auto‑select. SCA uses osv‑scanner, Trivy, npm‑audit, or auto. IAST supports Trivy and OWASP ZAP.
What are the verified accuracy rates?
SAST: 95%+ accuracy; DAST: 100%; SCA: 100%; IAST: 90%+ (simulated). All tests were performed on 2025-07-06.
Does it cover the OWASP Top 10?
Yes, 100% coverage of the OWASP Top 10 has been confirmed.
Which programming languages are supported?
JavaScript and Python are fully verified.
More Other MCP servers
Inbox Zero AI MCP
elie222The world's best AI personal assistant for email. Open source app to help you reach inbox zero fast.
MaxKB
1Panel-dev🔥 MaxKB is an open-source platform for building enterprise-grade agents. 强大易用的开源企业级智能体平台。
Awesome Mlops
visengerA curated list of references for MLOps
Mcp
browsermcpBrowser MCP is a Model Context Provider (MCP) server that allows AI applications to control your browser
IDA Pro MCP
mrexodiaAI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
Comments