Bright Security Mcp
@NeuraLegion
About Bright Security Mcp
Bright's MCP repo with relevant docs
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"brightsec.com": {
"type": "sse",
"url": "https://app.brightsec.com/mcp",
"headers": {
"Authorization": "Api-Key ${input:apiKey}"
}
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Bright Security Mcp?
Bright Security Mcp is a remote, cloud-hosted MCP server that brings AI‑powered application security testing into your development workflow. Your AI coding assistant can discover API endpoints, run security scans, and review vulnerabilities — all through natural language conversation. There is nothing to install locally; you simply point your MCP‑compatible client at Bright’s endpoint and authenticate with an API key.
How to use Bright Security Mcp?
- Create a dedicated Bright API key (personal, project, or organization‑level).
- Configure your MCP client (VS Code, Cursor, Windsurf, Augment Code, or any generic MCP client) to connect to
https://app.brightsec.com/mcpusing SSE transport with theAuthorization: Api-Key YOUR_API_KEYheader. - Ask your AI assistant a natural language question such as “Scan https://my-app.example.com for security vulnerabilities” – the assistant will then use the available tools to perform the action.
Key features of Bright Security Mcp
- Remote, cloud‑hosted MCP server – no local installation required.
- Discover API endpoints via crawling or OpenAPI/Swagger definitions.
- Run automated security scans against discovered entrypoints.
- Manage vulnerabilities with filtering by severity and status.
- Support for private/local applications via Bright Repeater agents.
- Configure authentication (OAuth, headers, browser flows) for protected endpoints.
Use cases of Bright Security Mcp
- Scan a public web application for vulnerabilities directly from your IDE.
- Discover API endpoints from an OpenAPI specification and then scan them.
- Scan a local or private application by setting up a repeater tunnel.
- Check for critical and high‑severity issues in your project.
- Run authenticated scans on APIs that require Bearer tokens or OAuth.
FAQ from Bright Security Mcp
Is Bright Security Mcp installed locally?
No. Bright Security Mcp is a remote, cloud‑hosted MCP server. You only configure your client to connect to https://app.brightsec.com/mcp and authenticate with an API key.
How do I authenticate my AI assistant with Bright?
You provide an API key in the Authorization header when configuring the MCP client. The format is Api-Key YOUR_API_KEY. The key can be personal, project, or organization‑level.
Can I scan applications that are not publicly accessible?
Yes. Bright uses Repeaters – lightweight agents that route scan traffic from Bright’s cloud through your local network. You create a repeater via the createRepeater tool and start it with the Bright CLI.
What security tests can be run?
Bright exposes various security tests (e.g., SQL injection, XSS, CSRF). You can list all available tests using the listTests tool and choose which to include in a scan.
Are there any data residency considerations?
If your organization uses a dedicated Bright cluster, replace app.brightsec.com in the server URL with your cluster’s hostname. Otherwise, all data is processed on Bright’s cloud platform.
More Developer Tools MCP servers
MCP Framework
QuantGeekDevThe Typescript MCP Framework
Hello World MCP Server (Reference Extension)
anthropicsDesktop Extensions: One-click local MCP server installation in desktop apps
Burp Suite MCP Server Extension
PortSwiggerMCP Server for Burp
JetBrains MCP Proxy Server
JetBrainsA model context protocol server to work with JetBrains IDEs: IntelliJ, PyCharm, WebStorm, etc. Also, works with Android Studio
MCP-Scan: An MCP Security Scanner
invariantlabs-aiSecurity scanner for AI agents, MCP servers and agent skills.
Comments