Is Defectdojo Mcp safe to use?

Defectdojo Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Defectdojo Mcp?

Defectdojo Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Defectdojo Mcp do?

Defectdojo Mcp provides 11 tools: get_findings, search_findings, update_finding_status, add_finding_note, create_finding and 6 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Defectdojo Mcp?

Defectdojo Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is Defectdojo Mcp actively maintained?

Defectdojo Mcp is not actively maintained — last commit was 424 days ago. It has 13 GitHub stars.

Defectdojo Mcp

Name: Defectdojo Mcp
Author: jamiesonio

defectdojo-mcp · by jamiesonio

An experimental ModelContextProtocol server connecting LLMs to DefectDojo for AI-powered security workflows. Enables natural language interaction with vulnerability data, simplifies security analysis, and automates reporting through a lightweight middleware integration.

13 11 tools GitHub PyPI

No known CVEs

MIT license

Stale

Last commit 424d ago

Works with most clients

Transport: stdio

11 tools · ~850 tok

Grade B · 0.4% of 200K ctx

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "defectdojo": {
      "env": {
        "DEFECTDOJO_API_BASE": "https://your-defectdojo-instance.com",
        "DEFECTDOJO_API_TOKEN": "YOUR_API_TOKEN_HERE"
      },
      "args": [
        "defectdojo-mcp"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/defectdojo-mcp)](https://mcppedia.org/s/defectdojo-mcp)

Read me

What Defectdojo Mcp does

This project provides a Model Context Protocol (MCP) server implementation for DefectDojo, a popular open-source vulnerability management tool. It allows AI agents and other MCP clients to interact with the DefectDojo API programmatically.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'defectdojo-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

72/100across 5 weighted dimensions

How we score →

0255075100

−28

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked defectdojo-mcp against OSV.dev.

Inventory

Tools (11)

Click any tool to inspect its schema.

~850 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Defectdojo Mcp safe to use?: Defectdojo Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Defectdojo Mcp?: Defectdojo Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Defectdojo Mcp do?: Defectdojo Mcp provides 11 tools: get_findings, search_findings, update_finding_status, add_finding_note, create_finding and 6 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Defectdojo Mcp?: Defectdojo Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Defectdojo Mcp actively maintained?: Defectdojo Mcp is not actively maintained — last commit was 424 days ago. It has 13 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for Defectdojo Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "defectdojo": {
      "env": {
        "DEFECTDOJO_API_BASE": "https://your-defectdojo-instance.com",
        "DEFECTDOJO_API_TOKEN": "YOUR_API_TOKEN_HERE"
      },
      "args": [
        "defectdojo-mcp"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/defectdojo-mcp)](https://mcppedia.org/s/defectdojo-mcp)

Read me

What Defectdojo Mcp does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'defectdojo-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

DefectDojo MCP Server

Features

This MCP server exposes tools for managing key DefectDojo entities:

Findings: Fetch, search, create, update status, and add notes.
Products: List available products.
Engagements: List, retrieve details, create, update, and close engagements.

Installation & Running

There are a couple of ways to run this server:

Using `uvx` (Recommended)

uvx executes Python applications in temporary virtual environments, installing dependencies automatically.

uvx defectdojo-mcp

Using `pip`

You can install the package into your Python environment using pip.

# Install directly from the cloned source code directory
pip install .

# Or, if the package is published on PyPI
pip install defectdojo-mcp

Once installed via pip, run the server using:

defectdojo-mcp

Configuration

The server requires the following environment variables to connect to your DefectDojo instance:

DEFECTDOJO_API_TOKEN (required): Your DefectDojo API token for authentication.
DEFECTDOJO_API_BASE (required): The base URL of your DefectDojo instance (e.g., https://your-defectdojo-instance.com).

You can configure these in your MCP client's settings file. Here's an example using the uvx command:

{
  "mcpServers": {
    "defectdojo": {
      "command": "uvx",
      "args": ["defectdojo-mcp"],
      "env": {
        "DEFECTDOJO_API_TOKEN": "YOUR_API_TOKEN_HERE",
        "DEFECTDOJO_API_BASE": "https://your-defectdojo-instance.com"
      }
    }
  }
}

If you installed the package using pip, the configuration would look like this:

{
  "mcpServers": {
    "defectdojo": {
      "command": "defectdojo-mcp",
      "args": [],
      "env": {
        "DEFECTDOJO_API_TOKEN": "YOUR_API_TOKEN_HERE",
        "DEFECTDOJO_API_BASE": "https://your-defectdojo-instance.com"
      }
    }
  }
}

Available Tools

The following tools are available via the MCP interface:

get_findings: Retrieve findings with filtering (product_name, status, severity) and pagination (limit, offset).
search_findings: Search findings using a text query, with filtering and pagination.
update_finding_status: Change the status of a specific finding (e.g., Active, Verified, False Positive).
add_finding_note: Add a textual note to a finding.
create_finding: Create a new finding associated with a test.
list_products: List products with filtering (name, prod_type) and pagination.
list_engagements: List engagements with filtering (product_id, status, name) and pagination.
get_engagement: Get details for a specific engagement by its ID.
create_engagement: Create a new engagement for a product.
update_engagement: Modify details of an existing engagement.
close_engagement: Mark an engagement as completed.

(See the original README content below for detailed usage examples of each tool)

Usage Examples

(Note: These examples assume an MCP client environment capable of calling use_mcp_tool)

Get Findings

# Get active, high-severity findings (limit 10)
result = await use_mcp_tool("defectdojo", "get_findings", {
    "status": "Active",
    "severity": "High",
    "limit": 10
})

Search Findings

# Search for findings containing 'SQL Injection'
result = await use_mcp_tool("defectdojo", "search_findings", {
    "query": "SQL Injection"
})

Update Finding Status

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

72/100across 5 weighted dimensions

How we score →

0255075100

−28

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked defectdojo-mcp against OSV.dev.

Inventory

Tools (11)

Click any tool to inspect its schema.

~850 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Defectdojo Mcp safe to use?: Defectdojo Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Defectdojo Mcp?: Defectdojo Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Defectdojo Mcp do?: Defectdojo Mcp provides 11 tools: get_findings, search_findings, update_finding_status, add_finding_note, create_finding and 6 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Defectdojo Mcp?: Defectdojo Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Defectdojo Mcp actively maintained?: Defectdojo Mcp is not actively maintained — last commit was 424 days ago. It has 13 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for Defectdojo Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Defectdojo Mcp

Install in your client

What Defectdojo Mcp does

Test This Server

Why this score

72/100across 5 weighted dimensions

Security

Tools (11)

Reviews

Frequently Asked Questions

Similar servers

Discussion

Defectdojo Mcp

Install in your client

What Defectdojo Mcp does

Test This Server

DefectDojo MCP Server

Features

Installation & Running

Using uvx (Recommended)

Using pip

Configuration

Available Tools

Usage Examples

Get Findings

Search Findings

Update Finding Status

Why this score

72/100across 5 weighted dimensions

Security

Tools (11)

Reviews

Frequently Asked Questions

Similar servers

Discussion

DefectDojo MCP Server

Features

Installation & Running

Using uvx (Recommended)

Using pip

Configuration

Available Tools

Usage Examples

Get Findings

Search Findings

Update Finding Status

Using `uvx` (Recommended)

Using `pip`

Using `uvx` (Recommended)

Using `pip`