brduru/mcp-defect-dojo

MCP DefectDojo

🔗 Connect AI agents to DefectDojo vulnerability management

A Model Context Protocol server that enables AI agents to interact with DefectDojo vulnerability management platforms through natural language.

Compatible with: Claude Desktop, VS Code Copilot, custom AI agents, and any MCP-compatible tools

� Quick Start

For AI Agents (Recommended)

1. Download the binary:

   # Linux/macOS
   curl -L https://github.com/brduru/mcp-defect-dojo/releases/latest/download/mcp-defect-dojo-linux-amd64 -o mcp-defect-dojo
   chmod +x mcp-defect-dojo
   

2. Configure your AI client:

   Claude Desktop (~/.claude/claude_desktop_config.json):

   {
     "mcpServers": {
       "defectdojo": {
         "command": "/path/to/mcp-defect-dojo",
         "env": {
           "DEFECTDOJO_URL": "https://your-defectdojo.com",
           "DEFECTDOJO_API_KEY": "your-api-key"
         }
       }
     }
   }
   

3. Start chatting:

   You: "Check if DefectDojo is working"
   Claude: ✅ DefectDojo Health Check: HEALTHY
   
   You: "Show me all critical vulnerabilities"
   Claude: Found 5 critical findings...
   

For Go Applications

go get github.com/brduru/mcp-defect-dojo/pkg/mcpserver

package main

import "github.com/brduru/mcp-defect-dojo/pkg/mcpserver"

func main() {
    // Quick setup with API key
    server, err := mcpserver.NewServerWithAPIKey("your-api-key")
    if err != nil {
        panic(err)
    }
    
    // Run the server
    if err := server.Run(context.Background()); err != nil {
        panic(err)
    }
}

🛠️ Available Tools

Example Conversations

🧑: "Check if DefectDojo is working"
🤖: ✅ DefectDojo Health Check: HEALTHY
   Connection successful to https://your-defectdojo.com
   API v2 is responsive and accessible.

🧑: "Show me the most critical vulnerabilities"  
🤖: Found 3 critical findings:
   
   1. [Critical] SQL Injection in Authentication (ID: 456)
      Status: Active, Verified: true
      
   2. [Critical] Remote Code Execution via Upload (ID: 789)  
      Status: Active, Verified: false

⚙️ Configuration

Environment Variables

Configuration Methods

// Method 1: Environment variables (recommended for AI agents)
server, err := mcpserver.NewServer()

// Method 2: Direct API key
server, err := mcpserver.NewServerWithAPIKey("your-api-key")

// Method 3: Full configuration
server, err := mcpserver.NewServerWithSettings(mcpserver.DefectDojoSettings{
    BaseURL:    "https://defectdojo.company.com",
    APIKey:     "your-api-key",
    APIVersion: "v2",
})

📦 Installation

Pre-built Binaries

From Source

git clone https://github.com/brduru/mcp-defect-dojo.git
cd mcp-defect-dojo
make build

Go Module

go get github.com/brduru/mcp-defect-dojo/pkg/mcpserver@latest

🔧 Development

Testing

# Run all tests
make test

# Run with coverage
make test-coverage

# Run specific package
go test ./pkg/mcpserver -v

Current Test Coverage:

• pkg/mcpserver: 32.9%
• pkg/types: 100%
• internal/config: 80%
• internal/defectdojo: 86.9%

Building

# Build for current platform
make build

# Build for all platforms
make build-all

# Run locally
make run

📚 Documentation

• GoDoc API Reference - Complete API documentation
• - Usage examples and integration patterns
• Model Context Protocol - Learn about MCP
• DefectDojo API - DefectDojo API documentation

🤝 Contributing

We welcome contributions! Please see our for details.

1. Fork the repository
2. Create your feature branch (git checkout -b feature/amazing-feature)
3. Run tests (make test)
4. Commit your changes (git commit -m 'Add some amazing feature')
5. Push to the branch (git push origin feature/amazing-feature)
6. Open a Pull Request

📝 License

MIT License - see file for details.

Connect your AI agents to DefectDojo and automate vulnerability management 🚀