onsecurity/onsecurity-mcp-server-internal
If you are the rightful owner of onsecurity-mcp-server-internal and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.
The OnSecurity MCP server provides a seamless integration with the OnSecurity API, allowing users to query and manage security testing data efficiently.
OnSecurity MCP
A Model Context Protocol (MCP) server for the OnSecurity API with the ability query rounds, findings, prerequisites, blocks and notifications.
Installation
Add the following to your Claude Desktop configuration file (adjust the paths as needed) and choose UAT or Prod:
{
"mcpServers": {
"onsec-mcp": {
"command": "npx",
"args": [
"-y",
"git+https://{{YOUR_GITHUB_TOKEN}}@github.com/onsecurity/onsecurity-mcp-server-internal.git"
],
"env": {
"ONSECURITY_API_TOKEN": "{{YOUR_ONSECURITY_API_TOKEN}}",
"ONSECURITY_API_BASE": "https://app.onsecurity.io/api/v2"
}
}
}
}
After adding this configuration, restart Claude Desktop, and you'll be able to access the OnSecurity tools through Claude.
Usage
Once configured, Claude will have access to the following tools:
get-roundsget-findingsget-blocksget-notificationsget-prerequisitesget-round-automation-featuresget-round-artifact-featuresget-client-report-featuresget-report-templatesget-platform-podsget-platform-tasksget-time-logs
Example Questions
- Give me a summary of my most recent pentest/scan.
- Show me trends across my pentests as a graph.
- What can I address to make the most impact most quickly on my most recent pentest?
- I would like summaries for different types of stakeholders on the state of our recent pentest engagemenets - eg high level, technical, managerial etc
- Do I need to action anything to prevent test getting held up?
- Are there any new findings?
- What are the top 10 most common findings across pentests and scans.
Note: It is useful sometimes to configure Claude to "Extended thinking" for some questions.