MCP.so
Sign In
Servers

Github Dependabot MCP server

@avarant

mcp server for github dependabot

Overview

What is Github Dependabot MCP server?

The Github Dependabot MCP server fetches Github Dependabot alerts for a specified repository. It is intended for developers who use MCP-capable tools (e.g., Claude, Cursor) and need to retrieve security alerts from a Github repository.

How to use Github Dependabot MCP server?

Install uv (a fast Python package installer), then clone the repository. Set up a Github Personal Access Token with repo and security_events scopes, either via macOS Keychain or the GITHUB_PERSONAL_ACCESS_TOKEN environment variable. Finally, add the server to your MCP configuration (e.g., ~/.cursor/mcp.json) using the uv command as shown in the README. The server provides one tool: get_dependabot_alerts(repo_owner, repo_name), which returns a list of alert objects from the Github API.

Key features of Github Dependabot MCP server

  • Fetches Dependabot alerts via Github API
  • Single tool: get_dependabot_alerts(repo_owner, repo_name)
  • Supports token authentication via Keychain or environment variable
  • Runs with uv for fast, dependency‑managed execution
  • Designed for use with MCP‑compatible clients (e.g., Cursor)

Use cases of Github Dependabot MCP server

  • Monitor Dependabot alerts for a specific repository within an AI‑assisted coding environment
  • Automate security review by feeding alerts into a conversation with an MCP‑capable assistant
  • Integrate Dependabot alert retrieval into a broader MCP‑based workflow

FAQ from Github Dependabot MCP server

What does this server do differently from the standard mcp/github server?

It focuses solely on fetching Dependabot alerts via a dedicated tool (get_dependabot_alerts), rather than providing broad Github API access.

What dependencies are required to run the server?

The server requires uv (a Python package installer/resolver) and a Github Personal Access Token with repo and security_events scopes.

Where does the data come from?

All alert data is fetched live from the Github REST API using the provided token.

How is authentication handled?

The server first attempts to read the token from the macOS Keychain (via keyring). If that fails, it falls back to the GITHUB_PERSONAL_ACCESS_TOKEN environment variable. It will also try to store the token in the Keychain for future use if it was provided via environment variable.

What transport does the server use?

The server communicates over stdin/stdout using the MCP protocol, as configured in the MCP client’s mcp.json with uv run mcp run main.py.

More from Version Control