MCP.so
Sign In

Bright Security Mcp

@NeuraLegion

About Bright Security Mcp

Bright's MCP repo with relevant docs

Basic information

Category

Developer Tools

Transports

stdio

Publisher

NeuraLegion

Submitted by

Or Rubin

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "brightsec.com": {
      "type": "sse",
      "url": "https://app.brightsec.com/mcp",
      "headers": {
        "Authorization": "Api-Key ${input:apiKey}"
      }
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Bright Security Mcp?

Bright Security Mcp is a remote, cloud-hosted MCP server that brings AI‑powered application security testing into your development workflow. Your AI coding assistant can discover API endpoints, run security scans, and review vulnerabilities — all through natural language conversation. There is nothing to install locally; you simply point your MCP‑compatible client at Bright’s endpoint and authenticate with an API key.

How to use Bright Security Mcp?

  1. Create a dedicated Bright API key (personal, project, or organization‑level).
  2. Configure your MCP client (VS Code, Cursor, Windsurf, Augment Code, or any generic MCP client) to connect to https://app.brightsec.com/mcp using SSE transport with the Authorization: Api-Key YOUR_API_KEY header.
  3. Ask your AI assistant a natural language question such as “Scan https://my-app.example.com for security vulnerabilities” – the assistant will then use the available tools to perform the action.

Key features of Bright Security Mcp

  • Remote, cloud‑hosted MCP server – no local installation required.
  • Discover API endpoints via crawling or OpenAPI/Swagger definitions.
  • Run automated security scans against discovered entrypoints.
  • Manage vulnerabilities with filtering by severity and status.
  • Support for private/local applications via Bright Repeater agents.
  • Configure authentication (OAuth, headers, browser flows) for protected endpoints.

Use cases of Bright Security Mcp

  • Scan a public web application for vulnerabilities directly from your IDE.
  • Discover API endpoints from an OpenAPI specification and then scan them.
  • Scan a local or private application by setting up a repeater tunnel.
  • Check for critical and high‑severity issues in your project.
  • Run authenticated scans on APIs that require Bearer tokens or OAuth.

FAQ from Bright Security Mcp

Is Bright Security Mcp installed locally?

No. Bright Security Mcp is a remote, cloud‑hosted MCP server. You only configure your client to connect to https://app.brightsec.com/mcp and authenticate with an API key.

How do I authenticate my AI assistant with Bright?

You provide an API key in the Authorization header when configuring the MCP client. The format is Api-Key YOUR_API_KEY. The key can be personal, project, or organization‑level.

Can I scan applications that are not publicly accessible?

Yes. Bright uses Repeaters – lightweight agents that route scan traffic from Bright’s cloud through your local network. You create a repeater via the createRepeater tool and start it with the Bright CLI.

What security tests can be run?

Bright exposes various security tests (e.g., SQL injection, XSS, CSRF). You can list all available tests using the listTests tool and choose which to include in a scan.

Are there any data residency considerations?

If your organization uses a dedicated Bright cluster, replace app.brightsec.com in the server URL with your cluster’s hostname. Otherwise, all data is processed on Bright’s cloud platform.

Comments

More Developer Tools MCP servers