CVE Analysis MCP Server

A production-ready Model Context Protocol (MCP) server for CVE (Common Vulnerabilities and Exposures) analysis with vector search and RAG (Retrieval-Augmented Generation) capabilities.

Features

  • Vector Search: Semantic search across CVE databases using embeddings
  • RAG Analysis: AI-powered vulnerability analysis using LLMs
  • Multiple Backends: Support for Ollama (local) and AWS Bedrock (cloud)
  • Production Ready: Docker deployment, monitoring, logging, and health checks
  • MCP Compatible: Works with any MCP-enabled client (Claude Desktop, etc.)
  • CVE Specialized: Optimized for vulnerability research and security analysis

Quick Start

Prerequisites

  • Docker and Docker Compose
  • Git

1. Clone and Setup

git clone https://github.com/your-org/cve-analysis-mcp-server.git
cd cve-analysis-mcp-server

# Create required directories
mkdir -p data logs config

2. Launch with Docker Compose

# Start the full stack
docker-compose up -d

# Check service health
docker-compose ps

This launches:

  • Qdrant: Vector database (port 6333)
  • Ollama: Local LLM service (port 11434)
  • CVE MCP Server: The MCP server
  • Prometheus: Metrics collection (port 9090)
  • Grafana: Monitoring dashboard (port 3001)

3. Initialize Ollama Models

# Pull required models
docker-compose exec ollama ollama pull nomic-embed-text
docker-compose exec ollama ollama pull llama3.2

# Verify models
docker-compose exec ollama ollama list

4. Import CVE Data

Place your CVE JSON files in the ./data directory, then use the import tool:

# Using the MCP server's import tool
curl -X POST http://localhost:3000/tools/import_cve_data \
  -H "Content-Type: application/json" \
  -d '{"file_path": "/app/data/cve-2024-data.json", "collection_name": "cve_2024"}'

MCP Server Tools

The server exposes the following MCP tools:

1. search_cve_database

Search CVE database using semantic search.

{
  "tool": "search_cve_database",
  "arguments": {
    "query": "remote code execution Windows",
    "top_k": 10,
    "collections": ["cve_2024"]
  }
}

2. analyze_vulnerability

Perform detailed RAG-based vulnerability analysis.

{
  "tool": "analyze_vulnerability", 
  "arguments": {
    "question": "What are the most critical Microsoft vulnerabilities?",
    "context_size": 20,
    "collections": ["cve_2024", "cve_critical"]
  }
}

3. get_cve_details

Get detailed information about specific CVE records.

{
  "tool": "get_cve_details",
  "arguments": {
    "cve_ids": ["CVE-2024-1234", "CVE-2024-5678"],
    "include_context": true
  }
}

4. vulnerability_trends

Analyze vulnerability trends and patterns.

{
  "tool": "vulnerability_trends",
  "arguments": {
    "analysis_type": "temporal",
    "filters": {"vendor": "Microsoft", "cvss_min": 7.0},
    "limit": 100
  }
}

5. import_cve_data

Import new CVE data into the database.

{
  "tool": "import_cve_data",
  "arguments": {
    "file_path": "/app/data/new_cve_data.json",
    "collection_name": "cve_latest",
    "create_collection": true
  }
}
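
Each request body above maps directly onto an MCP tool call: the "tool" field is the tool name and "arguments" is passed as the arguments dict. A minimal sketch using the Python MCP SDK (connection setup omitted; see the Custom MCP Client section below):

from mcp.client.session import ClientSession

async def analyze(session: ClientSession):
    # Equivalent of the analyze_vulnerability request body shown above
    return await session.call_tool(
        "analyze_vulnerability",
        {
            "question": "What are the most critical Microsoft vulnerabilities?",
            "context_size": 20,
            "collections": ["cve_2024", "cve_critical"],
        },
    )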

Configuration

Environment Variables

Key environment variables for configuration:

# Qdrant
QDRANT_HOST=qdrant
QDRANT_PORT=6333

# Ollama  
OLLAMA_HOST=ollama
OLLAMA_PORT=11434
OLLAMA_EMBED_MODEL=nomic-embed-text
OLLAMA_LLM_MODEL=llama3.2

# AWS Bedrock (optional)
AWS_REGION=us-east-1
AWS_ACCESS_KEY_ID=your_key
AWS_SECRET_ACCESS_KEY=your_secret

# Server
EMBEDDING_BACKEND=ollama  # ollama, bedrock, zero
LLM_BACKEND=ollama       # ollama, bedrock
LOG_LEVEL=INFO

Configuration Files

  • config/server_config.yaml: Main server configuration
  • config/qdrant_config.yaml: Qdrant database settings
  • config/logging.yaml: Logging configuration
  • config/prometheus.yml: Metrics configuration

MCP Client Integration

Claude Desktop

Add to your Claude Desktop MCP configuration:

{
  "mcpServers": {
    "cve-analysis": {
      "command": "docker",
      "args": ["exec", "-i", "cve-mcp-server", "cve-mcp-server"],
      "description": "CVE vulnerability analysis server"
    }
  }
}

Custom MCP Client

import asyncio

from mcp.client.session import ClientSession
from mcp.client.stdio import StdioServerParameters, stdio_client

# Spawn the server over stdio; this mirrors the Claude Desktop configuration above.
server_params = StdioServerParameters(
    command="docker",
    args=["exec", "-i", "cve-mcp-server", "cve-mcp-server"],
)

async def main():
    async with stdio_client(server_params) as (read_stream, write_stream):
        async with ClientSession(read_stream, write_stream) as session:
            await session.initialize()

            # Search for vulnerabilities
            result = await session.call_tool(
                "search_cve_database",
                {"query": "SQL injection", "top_k": 5},
            )
            print(result)

asyncio.run(main())

Production Deployment

Security Hardening

  1. Use secrets management:
# Use Docker secrets for sensitive data
echo "your_aws_key" | docker secret create aws_access_key -
echo "your_aws_secret" | docker secret create aws_secret_key -

  2. Enable TLS:
# In docker-compose.yml
services:
  cve-mcp-server:
    environment:
      - TLS_ENABLED=true
      - TLS_CERT_PATH=/app/certs/server.crt
      - TLS_KEY_PATH=/app/certs/server.key

  3. Network security:
# Custom network with restricted access
networks:
  cve-internal:
    driver: bridge
    internal: true

Scaling

Horizontal Scaling

# Scale the MCP server
services:
  cve-mcp-server:
    deploy:
      replicas: 3
    ports:
      - "3000-3002:3000"

Qdrant Clustering

# Multi-node Qdrant setup
services:
  qdrant-node1:
    image: qdrant/qdrant:v1.7.4
    environment:
      - QDRANT__CLUSTER__ENABLED=true
      - QDRANT__CLUSTER__NODE_ID=1
    
  qdrant-node2:
    image: qdrant/qdrant:v1.7.4
    environment:
      - QDRANT__CLUSTER__ENABLED=true
      - QDRANT__CLUSTER__NODE_ID=2

Monitoring & Observability

Metrics

Access metrics at:

  • Prometheus: http://localhost:9090
  • Grafana dashboards: http://localhost:3001

Key metrics tracked:

  • Request latency and throughput
  • Vector search performance
  • LLM response times
  • Database health
  • Error rates
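
These can be queried directly through the Prometheus HTTP API. A minimal sketch using the Python requests package; the "up" series is a built-in Prometheus metric reporting scrape-target health, while the server's own metric names depend on its exporter configuration and are not assumed here:

import requests

# Ask Prometheus (port 9090, as started by docker-compose) which scrape targets are healthy.
resp = requests.get(
    "http://localhost:9090/api/v1/query",
    params={"query": "up"},
    timeout=10,
)
resp.raise_for_status()

for sample in resp.json()["data"]["result"]:
    instance = sample["metric"].get("instance", "unknown")
    value = sample["value"][1]  # value is [timestamp, "0" or "1"]
    print(f"{instance}: {'UP' if value == '1' else 'DOWN'}")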

Logging

Structured JSON logs with multiple levels:

  • Application logs: /app/logs/cve-mcp-server.log
  • Error logs: /app/logs/cve-mcp-server-errors.log
  • System logs: Available via docker-compose logs

Health Checks

Built-in health checks for all services:

# Check service health
curl http://localhost:3000/health

# Check Qdrant health  
curl http://localhost:6333/health

# Check Ollama health
curl http://localhost:11434/api/tags
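
The same checks can be scripted; a small sketch with the Python requests package that polls the three endpoints listed above:

import requests

# Health endpoints from the curl commands above
ENDPOINTS = {
    "cve-mcp-server": "http://localhost:3000/health",
    "qdrant": "http://localhost:6333/health",
    "ollama": "http://localhost:11434/api/tags",
}

for name, url in ENDPOINTS.items():
    try:
        status = requests.get(url, timeout=5).status_code
        print(f"{name}: {'healthy' if status == 200 else f'HTTP {status}'}")
    except requests.RequestException as exc:
        print(f"{name}: unreachable ({exc})")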

Development

Local Development Setup

# Create virtual environment
python3.11 -m venv venv
source venv/bin/activate

# Install dependencies
pip install -e ".[dev]"

# Install pre-commit hooks
pre-commit install

# Run tests
pytest

# Run type checking
mypy src/

# Format code
black src/
ruff check src/

Testing

# Run all tests
pytest

# Run with coverage
pytest --cov=cve_mcp_server --cov-report=html

# Run only unit tests
pytest -m "not integration"

# Run only integration tests
pytest -m integration

Adding New Tools

  1. Define the tool in server.py:
Tool(
    name="your_new_tool",
    description="Description of what it does",
    inputSchema={...}
)

  2. Implement the handler:
async def _your_new_tool(self, **kwargs) -> list[TextContent]:
    # Tool implementation
    return [TextContent(type="text", text=result)]

  3. Add to dispatcher:
elif name == "your_new_tool":
    return await self._your_new_tool(**arguments)

Troubleshooting

Common Issues

MCP Server won't start:

# Check logs
docker-compose logs cve-mcp-server

# Verify dependencies are healthy
docker-compose ps

Ollama models not loading:

# Verify models are pulled
docker-compose exec ollama ollama list

# Check Ollama logs
docker-compose logs ollama

Qdrant connection errors:

# Check Qdrant status
curl http://localhost:6333/health

# Verify collections exist  
curl http://localhost:6333/collections

Vector search returning no results:

  • Verify CVE data has been imported (a quick Qdrant check is sketched below)
  • Check that collection names match the configuration
  • Ensure the embedding model is working
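
The first two points can be checked directly against Qdrant; a small sketch using the qdrant-client package (the collection name cve_2024, used in the import step above, is just an example):

import sys

from qdrant_client import QdrantClient

# Qdrant is exposed on port 6333 by docker-compose
client = QdrantClient(host="localhost", port=6333)

collections = client.get_collections().collections
if not collections:
    sys.exit("No collections found - CVE data has not been imported yet")

# Report how many points (embedded CVE records) each collection holds
for collection in collections:
    count = client.count(collection_name=collection.name).count
    print(f"{collection.name}: {count} points")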

Performance Tuning

Qdrant Optimization:

# In qdrant_config.yaml
hnsw_config:
  m: 32              # Higher = better recall, more memory
  ef_construct: 400  # Higher = better quality, slower indexing
  full_scan_threshold: 20000  # Threshold for brute force search

Ollama Performance:

# Enable GPU acceleration
services:
  ollama:
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: 1
              capabilities: [gpu]

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make changes with tests
  4. Run linting and tests
  5. Submit a pull request

License

Licensed under the GNU General Public License (GPL); see the LICENSE file for details.

Support