Is io.github.inspicere/mcp-defectdojo safe to use?

io.github.inspicere/mcp-defectdojo has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.inspicere/mcp-defectdojo?

io.github.inspicere/mcp-defectdojo can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.inspicere/mcp-defectdojo?

io.github.inspicere/mcp-defectdojo is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

io.github.inspicere/mcp-defectdojo

MCP server for DefectDojo: 24 tools with RBAC, HMAC audit chain, and SIEM forwarding

0 tools GitHub

No known CVEs

No license

Maintenance unknown

No commit data

Works with most clients

Transport: stdio

0 tools

Token cost not measured

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-inspicere-mcp-defectdojo": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-inspicere-mcp-defectdojo)](https://mcppedia.org/s/io-github-inspicere-mcp-defectdojo)

Read me

What io.github.inspicere/mcp-defectdojo does

MCP server for DefectDojo: 24 tools with RBAC, HMAC audit chain, and SIEM forwarding

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

0/100across 5 weighted dimensions

How we score →

0255075100

−100

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.inspicere/mcp-defectdojo safe to use?: io.github.inspicere/mcp-defectdojo has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.inspicere/mcp-defectdojo?: io.github.inspicere/mcp-defectdojo can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.inspicere/mcp-defectdojo?: io.github.inspicere/mcp-defectdojo is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Similar servers

Others in security

View all →

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

8.7k 3

Evil Mcp Server91

An evil MCP server used for redteam testing

30 1

Atomic Red Team Mcp90

MCP server for Atomic Red Team

123 5

Iam Policy Autopilot90

IAM Policy Autopilot is an open source static code analysis tool that helps you quickly create baseline AWS IAM policies that you can refine as your application evolves. This tool is available as a command-line utility and MCP server for use within AI coding assistants for quickly building IAM policies.

361 1

MCP Security Weekly

Get CVE alerts and security updates for io.github.inspicere/mcp-defectdojo and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-inspicere-mcp-defectdojo": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-inspicere-mcp-defectdojo)](https://mcppedia.org/s/io-github-inspicere-mcp-defectdojo)

Read me

What io.github.inspicere/mcp-defectdojo does

MCP server for DefectDojo: 24 tools with RBAC, HMAC audit chain, and SIEM forwarding

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

mcp-defectdojo

MCP server for DefectDojo vulnerability management. Exposes 24 tools for managing products, engagements, tests, findings, scan imports, and finding lifecycle through the Model Context Protocol.

Getting Started Guide — step-by-step setup, from install through connecting your first MCP client.

Quick Start

git clone https://github.com/inspicere/mcp-defectdojo.git && cd mcp-defectdojo
cp .env.example .env
# Edit .env — set DEFECTDOJO_URL and DEFECTDOJO_API_KEY
uv sync --frozen
uv run mcp-defectdojo

Requires Python 3.12+, uv, and a running DefectDojo instance.

Configuration

All configuration is via environment variables. Copy env.example to .env for local development.

Required

Variable	Description
`DEFECTDOJO_URL`	Base URL of the DefectDojo instance (must use `https://` unless overridden)
`DEFECTDOJO_API_KEY`	API key for DefectDojo (generate at DefectDojo > API v2 > Your API Key)

Optional — Dual API Key Mode

For least-privilege access, use separate read/write keys instead of DEFECTDOJO_API_KEY:

Variable	Description
`DEFECTDOJO_READ_API_KEY`	Read-only API key (used for GET requests)
`DEFECTDOJO_WRITE_API_KEY`	Write API key (used for POST/PATCH requests)

Optional — MCP Authentication (RBAC)

Token-role bindings using MCP_ROLE_* env vars (preferred):

Variable	Description
`MCP_ROLE_<NAME>`	Format: `<token>:<role>`. Binds a bearer token to a role. Name becomes the caller ID.

Four roles are available, each inheriting from the one below:

Role	Permissions
`admin`	All permissions including `product_mgmt`
`writer`	`engagement_mgmt`, `finding_mgmt`, `scan_mgmt`, `metadata_read`, `system`
`scanner`	`scan_mgmt`, `metadata_read`, `system`
`reader`	`metadata_read`, `system`

Example: MCP_ROLE_CI=tok_abc123:scanner grants the token scanner-level access.

Legacy variables (mapped to RBAC roles for backward compatibility):

Variable	Maps to
`MCP_AUTH_TOKEN`	`admin` role
`MCP_READ_TOKEN`	`reader` role

Optional — Transport

Variable	Default	Description
`FASTMCP_TRANSPORT`	`stdio`	Transport mode: `stdio`, `sse`, `streamable-http`, `http`
`FASTMCP_HOST`	`0.0.0.0`	Bind address for network transports
`FASTMCP_PORT`	`8000`	Port for network transports

Optional — Security

Variable	Default	Description
`ALLOW_INSECURE_HTTP`	`false`	Allow `http://` URLs (TLS required by default)
`MUTATION_RATE_LIMIT`	`60`	Max mutations per rate window per authenticated caller (per-token bucket)
`OPEN_ACCESS_MUTATION_RATE_LIMIT`	`10`	Max mutations per rate window across all unauthenticated traffic (one shared bucket — applies only when `REQUIRE_AUTH=false`)
`MUTATION_RATE_WINDOW`	`60`	Rate window in seconds (applies to both buckets)
`UNTRUSTED_CONTENT_WRAPPING`	`on`	F-002 read-side wrapping kill-switch. When `on` (default), `title`, `description`, `tags`, `notes`, and note `entry` fields are returned inside `{"value": <content>, "_warning": "untrusted-content: ..."}`. Set to `off` only for legacy downstream consumers that cannot parse the wrapped shape.

Optional — Logging & Audit

Variable	Default	Description
`LOG_LEVEL`	`INFO`	`DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
`AUDIT_HMAC_KEY`	(ephemeral)	HMAC key for audit log integrity chain. Required for cross-restart log verification. Generate with: `python3 -c "import secrets; print(secrets.token_hex(32))"`
`AUDIT_LOG_FILE`	(stderr only)	Path for d

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

0/100across 5 weighted dimensions

How we score →

0255075100

−100

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.inspicere/mcp-defectdojo safe to use?: io.github.inspicere/mcp-defectdojo has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.inspicere/mcp-defectdojo?: io.github.inspicere/mcp-defectdojo can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.inspicere/mcp-defectdojo?: io.github.inspicere/mcp-defectdojo is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.