{"id":26945548,"url":"https://github.com/jamiesonio/defectdojo-mcp","last_synced_at":"2026-05-01T14:33:27.126Z","repository":{"id":285503841,"uuid":"958339842","full_name":"jamiesonio/defectdojo-mcp","owner":"jamiesonio","description":"An experimental ModelContextProtocol server connecting LLMs to DefectDojo for AI-powered security workflows. Enables natural language interaction with vulnerability data, simplifies security analysis, and automates reporting through a lightweight middleware integration.","archived":false,"fork":false,"pushed_at":"2025-04-01T04:26:16.000Z","size":13,"stargazers_count":5,"open_issues_count":3,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-11-16T14:35:15.613Z","etag":null,"topics":["appsec","defectdojo","devsecops","fastmcp","mcp","security","security-automation"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jamiesonio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-04-01T03:18:46.000Z","updated_at":"2025-08-16T13:16:36.000Z","dependencies_parsed_at":"2025-04-01T05:27:06.240Z","dependency_job_id":"01052db6-1d1b-400f-81e0-601c947a18ff","html_url":"https://github.com/jamiesonio/defectdojo-mcp","commit_stats":null,"previous_names":["jamiesonio/defectdojo-mcp"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jamiesonio/defectdojo-mcp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamiesonio%2Fdefectdojo-mcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamiesonio%2Fdefectdojo-mcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamiesonio%2Fdefectdojo-mcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamiesonio%2Fdefectdojo-mcp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jamiesonio","download_url":"https://codeload.github.com/jamiesonio/defectdojo-mcp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamiesonio%2Fdefectdojo-mcp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32501402,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","defectdojo","devsecops","fastmcp","mcp","security","security-automation"],"created_at":"2025-04-02T19:15:16.204Z","updated_at":"2026-05-01T14:33:27.104Z","avatar_url":"https://github.com/jamiesonio.png","language":"Python","funding_links":[],"categories":["Security \u0026 Attestation MCP Servers","APIs and HTTP Requests","Security"],"sub_categories":["How to Submit"],"readme":"# DefectDojo MCP Server\n\n[![PyPI version](https://badge.fury.io/py/defectdojo.svg)](https://badge.fury.io/py/defectdojo) \u003c!-- Add this badge if/when published to PyPI --\u003e\n\nThis project provides a [Model Context Protocol (MCP)](https://github.com/modelcontextprotocol/specification) server implementation for [DefectDojo](https://github.com/DefectDojo/django-DefectDojo), a popular open-source vulnerability management tool. It allows AI agents and other MCP clients to interact with the DefectDojo API programmatically.\n\n## Features\n\nThis MCP server exposes tools for managing key DefectDojo entities:\n\n*   **Findings:** Fetch, search, create, update status, and add notes.\n*   **Products:** List available products.\n*   **Engagements:** List, retrieve details, create, update, and close engagements.\n\n## Installation \u0026 Running\n\nThere are a couple of ways to run this server:\n\n### Using `uvx` (Recommended)\n\n`uvx` executes Python applications in temporary virtual environments, installing dependencies automatically.\n\n```bash\nuvx defectdojo-mcp\n```\n\n### Using `pip`\n\nYou can install the package into your Python environment using `pip`.\n\n```bash\n# Install directly from the cloned source code directory\npip install .\n\n# Or, if the package is published on PyPI\npip install defectdojo-mcp\n```\n\nOnce installed via pip, run the server using:\n\n```bash\ndefectdojo-mcp\n```\n\n## Configuration\n\nThe server requires the following environment variables to connect to your DefectDojo instance:\n\n*   `DEFECTDOJO_API_TOKEN` (**required**): Your DefectDojo API token for authentication.\n*   `DEFECTDOJO_API_BASE` (**required**): The base URL of your DefectDojo instance (e.g., `https://your-defectdojo-instance.com`).\n\nYou can configure these in your MCP client's settings file. Here's an example using the `uvx` command:\n\n```json\n{\n  \"mcpServers\": {\n    \"defectdojo\": {\n      \"command\": \"uvx\",\n      \"args\": [\"defectdojo-mcp\"],\n      \"env\": {\n        \"DEFECTDOJO_API_TOKEN\": \"YOUR_API_TOKEN_HERE\",\n        \"DEFECTDOJO_API_BASE\": \"https://your-defectdojo-instance.com\"\n      }\n    }\n  }\n}\n```\n\nIf you installed the package using `pip`, the configuration would look like this:\n\n```json\n{\n  \"mcpServers\": {\n    \"defectdojo\": {\n      \"command\": \"defectdojo-mcp\",\n      \"args\": [],\n      \"env\": {\n        \"DEFECTDOJO_API_TOKEN\": \"YOUR_API_TOKEN_HERE\",\n        \"DEFECTDOJO_API_BASE\": \"https://your-defectdojo-instance.com\"\n      }\n    }\n  }\n}\n```\n\n## Available Tools\n\nThe following tools are available via the MCP interface:\n\n*   `get_findings`: Retrieve findings with filtering (product_name, status, severity) and pagination (limit, offset).\n*   `search_findings`: Search findings using a text query, with filtering and pagination.\n*   `update_finding_status`: Change the status of a specific finding (e.g., Active, Verified, False Positive).\n*   `add_finding_note`: Add a textual note to a finding.\n*   `create_finding`: Create a new finding associated with a test.\n*   `list_products`: List products with filtering (name, prod_type) and pagination.\n*   `list_engagements`: List engagements with filtering (product_id, status, name) and pagination.\n*   `get_engagement`: Get details for a specific engagement by its ID.\n*   `create_engagement`: Create a new engagement for a product.\n*   `update_engagement`: Modify details of an existing engagement.\n*   `close_engagement`: Mark an engagement as completed.\n\n*(See the original README content below for detailed usage examples of each tool)*\n\n## Usage Examples\n\n*(Note: These examples assume an MCP client environment capable of calling `use_mcp_tool`)*\n\n### Get Findings\n\n```python\n# Get active, high-severity findings (limit 10)\nresult = await use_mcp_tool(\"defectdojo\", \"get_findings\", {\n    \"status\": \"Active\",\n    \"severity\": \"High\",\n    \"limit\": 10\n})\n```\n\n### Search Findings\n\n```python\n# Search for findings containing 'SQL Injection'\nresult = await use_mcp_tool(\"defectdojo\", \"search_findings\", {\n    \"query\": \"SQL Injection\"\n})\n```\n\n### Update Finding Status\n\n```python\n# Mark finding 123 as Verified\nresult = await use_mcp_tool(\"defectdojo\", \"update_finding_status\", {\n    \"finding_id\": 123,\n    \"status\": \"Verified\"\n})\n```\n\n### Add Note to Finding\n\n```python\nresult = await use_mcp_tool(\"defectdojo\", \"add_finding_note\", {\n    \"finding_id\": 123,\n    \"note\": \"Confirmed vulnerability on staging server.\"\n})\n```\n\n### Create Finding\n\n```python\nresult = await use_mcp_tool(\"defectdojo\", \"create_finding\", {\n    \"title\": \"Reflected XSS in Search Results\",\n    \"test_id\": 55, # ID of the associated test\n    \"severity\": \"Medium\",\n    \"description\": \"User input in search is not properly sanitized, leading to XSS.\",\n    \"cwe\": 79\n})\n```\n\n### List Products\n\n```python\n# List products containing 'Web App' in their name\nresult = await use_mcp_tool(\"defectdojo\", \"list_products\", {\n    \"name\": \"Web App\",\n    \"limit\": 10\n})\n```\n\n### List Engagements\n\n```python\n# List 'In Progress' engagements for product ID 42\nresult = await use_mcp_tool(\"defectdojo\", \"list_engagements\", {\n    \"product_id\": 42,\n    \"status\": \"In Progress\"\n})\n```\n\n### Get Engagement\n\n```python\nresult = await use_mcp_tool(\"defectdojo\", \"get_engagement\", {\n    \"engagement_id\": 101\n})\n```\n\n### Create Engagement\n\n```python\nresult = await use_mcp_tool(\"defectdojo\", \"create_engagement\", {\n    \"product_id\": 42,\n    \"name\": \"Q2 Security Scan\",\n    \"target_start\": \"2025-04-01\",\n    \"target_end\": \"2025-04-15\",\n    \"status\": \"Not Started\"\n})\n```\n\n### Update Engagement\n\n```python\nresult = await use_mcp_tool(\"defectdojo\", \"update_engagement\", {\n    \"engagement_id\": 101,\n    \"status\": \"In Progress\",\n    \"description\": \"Scan initiated.\"\n})\n```\n\n### Close Engagement\n\n```python\nresult = await use_mcp_tool(\"defectdojo\", \"close_engagement\", {\n    \"engagement_id\": 101\n})\n```\n\n## Development\n\n### Setup\n\n1.  Clone the repository.\n2.  It's recommended to use a virtual environment:\n    ```bash\n    python -m venv .venv\n    source .venv/bin/activate # On Windows use `.venv\\Scripts\\activate`\n    ```\n3.  Install dependencies, including development dependencies:\n    ```bash\n    pip install -e \".[dev]\"\n    ```\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## Contributing\n\nContributions are welcome! Please feel free to open an issue for bugs, feature requests, or questions. If you'd like to contribute code, please open an issue first to discuss the proposed changes.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjamiesonio%2Fdefectdojo-mcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjamiesonio%2Fdefectdojo-mcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjamiesonio%2Fdefectdojo-mcp/lists"}