jmstar85/DevSecOps-MCP
The DevSecOps MCP Server is an enterprise-grade Model Context Protocol server offering comprehensive DevSecOps capabilities.
The DevSecOps MCP Server is designed to provide robust security testing and analysis for software development projects. It integrates advanced Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST) to ensure that applications are secure from vulnerabilities throughout the development lifecycle. The server supports multiple programming languages and ecosystems, making it versatile for various development environments. It also offers enterprise-level reporting and compliance mapping, helping organizations meet industry standards and regulations. With features like vulnerability detection, code quality metrics, and risk assessment, the DevSecOps MCP Server is a critical tool for maintaining secure and reliable software.
Features
- Advanced SAST with multi-language support and comprehensive vulnerability detection.
- Software Composition Analysis for dependency scanning and license compliance.
- Dynamic Application Security Testing with browser automation and API security testing.
- Enterprise reporting with SARIF format support and compliance mapping.
- Risk assessment and remediation guidance for identified vulnerabilities.
Usages
usage with local development
{
  "mcp": {
    "servers": {
      "devsecops": {
        "command": "node",
        "args": [
          "src/index.js"
        ]
      }
    }
  }
}
usage with docker
{
  "mcp": {
    "servers": {
      "devsecops": {
        "command": "docker",
        "args": [
          "run",
          "--rm",
          "-i",
          "devsecops-mcp-server"
        ]
      }
    }
  }
}
usage with docker compose
version: '3.8'
services:
  devsecops:
    image: devsecops-mcp-server
    ports:
      - "8080:8080"
    environment:
      NODE_ENV: production
      LOG_LEVEL: info
Tools
Advanced SAST Scan
Performs enterprise-grade static application security testing.
Software Composition Analysis
Analyzes dependencies for vulnerabilities and license compliance.
Advanced DAST Scan
Performs dynamic security testing on running applications.
Vulnerability Report Generation
Generates enterprise-grade security reports.