kubescape-mcp-server

slashben/kubescape-mcp-server

3.2

If you are the rightful owner of kubescape-mcp-server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

Kubescape MCP Server is a middleware component that facilitates the exposure of Kubernetes vulnerability manifests and related tools via the Mark3 Labs MCP protocol.

Tools

  1. list_vulnerability_manifests

    Discover available vulnerability manifests at image and workload levels.

  2. list_vulnerabilities_in_manifest

    List all vulnerabilities in a given manifest.

  3. list_vulnerability_matches_for_cve

    List all vulnerability matches for a given CVE in a given manifest.

Kubescape MCP Server

:exclamation: Warning: This is a playground project and most likely will be moved to Kubescape organization soon.

Kubescape MCP Server is a middleware component that exposes Kubernetes vulnerability manifests and related tools via the Mark3 Labs MCP protocol. It enables discovery, listing, and querying of vulnerabilities at both image and workload levels in your Kubernetes cluster.

Features

  • List available vulnerability manifests for images and workloads
  • Query all vulnerabilities in a given manifest
  • Query all matches for a specific CVE in a manifest
  • Expose vulnerability manifest resources via MCP resource templates

Usage

  1. Build and Run

    • Ensure you have Go installed (1.18+ recommended).
    • Clone the repository and build the server: 
      go build -o ks-mcpserver ks-mcpserver.go
./ks-mcpserver
    • The server will start and listen for MCP protocol requests via stdio.

  2. Kubernetes Access

    • The server requires access to your Kubernetes cluster and expects the appropriate kubeconfig/context.
    • It uses the Kubescape storage API to fetch vulnerability manifests.

  3. MCP Tools

    • The following tools are available:
      • list_vulnerability_manifests: Discover available vulnerability manifests at image and workload levels.
      • list_vulnerabilities_in_manifest: List all vulnerabilities in a given manifest.
      • list_vulnerability_matches_for_cve: List all vulnerability matches for a given CVE in a given manifest.

  4. Resource Templates

    • Vulnerability manifests are exposed as MCP resources, e.g.:
      • kubescape://vulnerability-manifests/{namespace}/{manifest_name}/cve_list
      • kubescape://vulnerability-manifests/{namespace}/{manifest_name}/cve_details/{cve_id}

Development

  • Contributions are welcome! Please open issues or pull requests for bug fixes, features, or documentation improvements.
  • Ensure code is formatted with gofmt and passes linting.

License

This project is licensed under the Apache 2.0 or MIT License. See LICENSE for details.