mcp-defect-dojo

brduru/mcp-defect-dojo


MCP DefectDojo is a Model Context Protocol server that integrates AI agents with the DefectDojo vulnerability management platform, enabling automated security workflows and natural language interactions.

Tools: 4, Resources: 0, Prompts: 0

MCP DefectDojo

🔗 Connect AI agents to DefectDojo vulnerability management


A Model Context Protocol server that enables AI agents to interact with DefectDojo vulnerability management platforms through natural language.

Compatible with: Claude Desktop, VS Code Copilot, custom AI agents, and any MCP-compatible tools

Quick Start

For AI Agents (Recommended)

  1. Download the binary:

    # Linux/macOS
    curl -L https://github.com/brduru/mcp-defect-dojo/releases/latest/download/mcp-defect-dojo-linux-amd64 -o mcp-defect-dojo
    chmod +x mcp-defect-dojo
    
  2. Configure your AI client:

    Claude Desktop (~/.claude/claude_desktop_config.json):

    {
      "mcpServers": {
        "defectdojo": {
          "command": "/path/to/mcp-defect-dojo",
          "env": {
            "DEFECTDOJO_URL": "https://your-defectdojo.com",
            "DEFECTDOJO_API_KEY": "your-api-key"
          }
        }
      }
    }
    
  3. Start chatting:

    You: "Check if DefectDojo is working"
    Claude: ✅ DefectDojo Health Check: HEALTHY
    
    You: "Show me all critical vulnerabilities"
    Claude: Found 5 critical findings...
    

For Go Applications

go get github.com/brduru/mcp-defect-dojo/pkg/mcpserver

package main

import (
    "context"

    "github.com/brduru/mcp-defect-dojo/pkg/mcpserver"
)

func main() {
    // Quick setup with API key
    server, err := mcpserver.NewServerWithAPIKey("your-api-key")
    if err != nil {
        panic(err)
    }

    // Run the server until the context is cancelled or an error occurs
    if err := server.Run(context.Background()); err != nil {
        panic(err)
    }
}

🛠️ Available Tools

| Tool | Description | Example |
|------|-------------|---------|
| defectdojo_health_check | Verify connectivity | "Is DefectDojo online?" |
| get_defectdojo_findings | Search vulnerabilities | "Show me all critical findings" |
| get_finding_detail | Get finding details | "Get details for finding #123" |
| mark_finding_false_positive | Mark false positives | "Mark finding #456 as false positive" |

Example Conversations

🧑: "Check if DefectDojo is working"
🤖: ✅ DefectDojo Health Check: HEALTHY
   Connection successful to https://your-defectdojo.com
   API v2 is responsive and accessible.

🧑: "Show me the most critical vulnerabilities"  
🤖: Found 3 critical findings:
   
   1. [Critical] SQL Injection in Authentication (ID: 456)
      Status: Active, Verified: true
      
   2. [Critical] Remote Code Execution via Upload (ID: 789)  
      Status: Active, Verified: false

⚙️ Configuration

Environment Variables

| Variable | Description | Default | Required |
|----------|-------------|---------|----------|
| DEFECTDOJO_URL | DefectDojo base URL | http://localhost:8080 | |
| DEFECTDOJO_API_KEY | API authentication key | - | |
| DEFECTDOJO_API_VERSION | API version | v2 | |

Configuration Methods

// Method 1: Environment variables (recommended for AI agents)
server, err := mcpserver.NewServer()

// Method 2: Direct API key
server, err := mcpserver.NewServerWithAPIKey("your-api-key")

// Method 3: Full configuration
server, err := mcpserver.NewServerWithSettings(mcpserver.DefectDojoSettings{
    BaseURL:    "https://defectdojo.company.com",
    APIKey:     "your-api-key",
    APIVersion: "v2",
})
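
A pre-flight check for the DEFECTDOJO_URL and DEFECTDOJO_API_KEY values, as an added example that is not part of mcp-defect-dojo. `validateSettings` is a hypothetical helper, and the rule that plain HTTP is accepted only for loopback hosts is an assumption of this example, not documented project behaviour.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"os"
	"strings"
)

// validateSettings is a hypothetical pre-flight check (not part of
// mcp-defect-dojo) for the DEFECTDOJO_URL and DEFECTDOJO_API_KEY values.
func validateSettings(baseURL, apiKey string) error {
	if baseURL == "" {
		baseURL = "http://localhost:8080" // documented default
	}
	u, err := url.Parse(baseURL)
	if err != nil || u.Hostname() == "" {
		return errors.New("DEFECTDOJO_URL is not an absolute URL")
	}
	if u.User != nil {
		return errors.New("DEFECTDOJO_URL must not embed credentials")
	}
	host := strings.ToLower(u.Hostname())
	ip := net.ParseIP(host)
	loopback := host == "localhost" || (ip != nil && ip.IsLoopback())
	switch {
	case u.Scheme == "https":
	case u.Scheme == "http" && loopback:
		// Cleartext is tolerated only when the key never leaves the machine.
	default:
		return fmt.Errorf("refusing to send the API key to %s://%s without TLS", u.Scheme, host)
	}
	if key := strings.TrimSpace(apiKey); key == "" || key == "your-api-key" {
		return errors.New("DEFECTDOJO_API_KEY is empty or still the README placeholder")
	}
	return nil
}

func main() {
	err := validateSettings(os.Getenv("DEFECTDOJO_URL"), os.Getenv("DEFECTDOJO_API_KEY"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "config rejected:", err)
		os.Exit(1)
	}
	fmt.Println("config ok")
}
```

Run it with the same environment the AI client passes to the server binary; a non-zero exit means the settings should be corrected before the server is started.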

📦 Installation

Pre-built Binaries

From Source

git clone https://github.com/brduru/mcp-defect-dojo.git
cd mcp-defect-dojo
make build

Go Module

go get github.com/brduru/mcp-defect-dojo/pkg/mcpserver@latest

🔧 Development

Testing

# Run all tests
make test

# Run with coverage
make test-coverage

# Run specific package
go test ./pkg/mcpserver -v

Current Test Coverage:

  • pkg/mcpserver: 32.9%
  • pkg/types: 100%
  • internal/config: 80%
  • internal/defectdojo: 86.9%

Building

# Build for current platform
make build

# Build for all platforms
make build-all

# Run locally
make run

📚 Documentation

🤝 Contributing

We welcome contributions! Please see our for details.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Run tests (make test)
  4. Commit your changes (git commit -m 'Add some amazing feature')
  5. Push to the branch (git push origin feature/amazing-feature)
  6. Open a Pull Request

📝 License

MIT License - see file for details.


Connect your AI agents to DefectDojo and automate vulnerability management 🚀