VMware compliance scanning (CIS, vSphere SCG, GB/T 22239, PCI-DSS) with drift detection.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"io-github-zw008-vmware-harden": {
"command": "<see-readme>",
"args": []
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Disclaimer: Community-maintained open-source project. Not affiliated with, endorsed by, or sponsored by VMware, Inc. or Broadcom Inc. "VMware", "vSphere", "ESXi", and "NSX" are trademarks of Broadcom. Source code is publicly auditable at github.com/zw008/VMware-Harden under the MIT license.
No automated test available for this server. Check the GitHub README for setup instructions.
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
No package registry to scan.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in other
Pi Coding Agent extension (CLI-first) — routes bash/read/grep/find/ls through lean-ctx CLI for strong token savings. Optional MCP bridge can register advanced tools.
Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
97% token reduction for AI coding sessions — zero deps, 21 languages, MCP server
Autonomous spec-to-product coding-agent CLI with an MCP server exposing 34 tools over stdio.
MCP Security Weekly
Get CVE alerts and security updates for io.github.zw008/vmware-harden and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Disclaimer: Community-maintained open-source project. Not affiliated with, endorsed by, or sponsored by VMware, Inc. or Broadcom Inc. "VMware", "vSphere", "ESXi", and "NSX" are trademarks of Broadcom. Source code is publicly auditable at github.com/zw008/VMware-Harden under the MIT license.
AI-native VMware compliance and baseline enforcement. Sibling to the vmware-* skill family.
Production-ready compliance platform with 6 built-in baselines (CIS ESXi, vSphere SCG v8, 等保 2.0 三级, PCI-DSS 4.0, EU NIS2, BSI IT-Grundschutz), 87 rules, multi-vCenter Twin, drift detection, LLM Remediation Advisor, MCP server with 6 audited tools, web dashboard, and vmware-harden doctor environment diagnostics.
uv tool install vmware-harden
# List built-in baselines
vmware-harden baseline list
# Run a scan
vmware-harden scan --target <vcenter-name> --baseline cis-vmware-esxi-8.0-subset
# Or use 等保 2.0 三级 (国内合规独家)
vmware-harden scan --target <vc> --baseline dengbao-2.0-level3-vmware
# View results
vmware-harden report
vmware-harden drift
# Generate remediation suggestions
export ANTHROPIC_API_KEY=... # optional; falls back to mock without
vmware-harden advise --all-critical
# Web dashboard
vmware-harden web --port 8080 # → http://127.0.0.1:8080
| Baseline | Rules | Applies to | Source |
|---|---|---|---|
cis-vmware-esxi-8.0-subset | 20 | host | CIS Benchmark v1.0 |
vsphere-scg-v8-subset | 15 | host, vm | VMware vcf-security-and-compliance-guidelines |
dengbao-2.0-level3-vmware | 20 | host, vm, datastore, dfw_rule | GB/T 22239-2019 三级 |
pci-dss-4.0-vmware | 10 | host, dfw_rule | PCI-DSS v4.0 |
eu-nis2-vmware | 12 | host, dfw_rule | EU NIS2 Directive (Articles 21/23, Annex I) |
bsi-itgs-basisabsicherung-vmware | 10 | host | BSI IT-Grundschutz (OPS.1.1.4 + SYS.1.1) |
The existing baselines (cis-vmware-esxi-8.0-subset, vsphere-scg-v8, dengbao-2.0-level3-vmware, pci-dss-4.0-vmware) scan VCF 9.0 / 9.1 clusters successfully — most rules target host advanced settings stable across 8.x → 9.x. cis-vmware-esxi-9.0 and vsphere-scg-v9 baselines are planned for a future release.
vmware-harden baseline validate ./my-strict.yaml
vmware-harden baseline import ./my-strict.yaml --name my-strict-cis
vmware-harden scan --target <vc> --baseline my-strict-cis
YAML supports extends: for inheriting from a built-in baseline. See skills/vmware-harden/references/cli-reference.md.
vmware-harden-mcp # stdio MCP server
Configure your MCP client with one of examples/mcp-configs/*.json. 6 read-only tools: list_baselines, list_violations, get_remediation, list_drift_events, get_baseline_rules, scan_target.
~/.vmware-harden/twin.duckdb. Multi-target safe via target prefix on all node IDs.extra="forbid"), extends: inheritance, user-dir override.