jmstar85/DevSecOps-MCP

Features

• Advanced SAST with multi-language support and comprehensive vulnerability detection.
• Software Composition Analysis for dependency scanning and license compliance.
• Dynamic Application Security Testing with browser automation and API security testing.
• Enterprise reporting with SARIF format support and compliance mapping.
• Risk assessment and remediation guidance for identified vulnerabilities.

Usages

usage with local development

{
  "mcp": {
    "servers": {
      "devsecops": {
        "command": "node",
        "args": [
          "src/index.js"
        ]
      }
    }
  }
}

usage with docker

{
  "mcp": {
    "servers": {
      "devsecops": {
        "command": "docker",
        "args": [
          "run",
          "--rm",
          "-i",
          "devsecops-mcp-server"
        ]
      }
    }
  }
}

usage with docker compose

yaml
version: '3.8'
services:
  devsecops:
    image: devsecops-mcp-server
    ports:
      - "8080:8080"
    environment:
      NODE_ENV: production
      LOG_LEVEL: info

Tools

1. Advanced SAST Scan

   Performs enterprise-grade static application security testing.

2. Software Composition Analysis

   Analyzes dependencies for vulnerabilities and license compliance.

3. Advanced DAST Scan

   Performs dynamic security testing on running applications.

4. Vulnerability Report Generation

   Generates enterprise-grade security reports.