DefectDojo MCP Server
Provides a Model Context Protocol server implementation that allows AI agents and other MCP clients to programmatically interact with DefectDojo, a vulnerability management tool, for managing findings, products, and engagements.
Tools
update_finding_status
Update the status of a finding (Active, Verified, False Positive, Mitigated, Inactive)
add_finding_note
Add a note to a finding
get_findings
Get findings with filtering options and pagination support
search_findings
Search for findings using a text query with pagination support
create_finding
Create a new finding
list_products
List all products with optional filtering and pagination support
list_engagements
List engagements with optional filtering and pagination support
get_engagement
Get a specific engagement by ID
create_engagement
Create a new engagement
update_engagement
Update an existing engagement
close_engagement
Close an engagement
README
DefectDojo MCP Server
<!-- Add this badge if/when published to PyPI -->
This project provides a Model Context Protocol (MCP) server implementation for DefectDojo, a popular open-source vulnerability management tool. It allows AI agents and other MCP clients to interact with the DefectDojo API programmatically.
Features
This MCP server exposes tools for managing key DefectDojo entities:
- Findings: Fetch, search, create, update status, and add notes.
- Products: List available products.
- Engagements: List, retrieve details, create, update, and close engagements.
Installation & Running
There are a couple of ways to run this server:
Using uvx (Recommended)
uvx executes Python applications in temporary virtual environments, installing dependencies automatically.
uvx defectdojo-mcp
Using pip
You can install the package into your Python environment using pip.
# Install directly from the cloned source code directory
pip install .
# Or, if the package is published on PyPI
pip install defectdojo-mcp
Once installed via pip, run the server using:
defectdojo-mcp
Configuration
The server requires the following environment variables to connect to your DefectDojo instance:
DEFECTDOJO_API_TOKEN(required): Your DefectDojo API token for authentication.DEFECTDOJO_API_BASE(required): The base URL of your DefectDojo instance (e.g.,https://your-defectdojo-instance.com).
You can configure these in your MCP client's settings file. Here's an example using the uvx command:
{
"mcpServers": {
"defectdojo": {
"command": "uvx",
"args": ["defectdojo-mcp"],
"env": {
"DEFECTDOJO_API_TOKEN": "YOUR_API_TOKEN_HERE",
"DEFECTDOJO_API_BASE": "https://your-defectdojo-instance.com"
}
}
}
}
If you installed the package using pip, the configuration would look like this:
{
"mcpServers": {
"defectdojo": {
"command": "defectdojo-mcp",
"args": [],
"env": {
"DEFECTDOJO_API_TOKEN": "YOUR_API_TOKEN_HERE",
"DEFECTDOJO_API_BASE": "https://your-defectdojo-instance.com"
}
}
}
}
Available Tools
The following tools are available via the MCP interface:
get_findings: Retrieve findings with filtering (product_name, status, severity) and pagination (limit, offset).search_findings: Search findings using a text query, with filtering and pagination.update_finding_status: Change the status of a specific finding (e.g., Active, Verified, False Positive).add_finding_note: Add a textual note to a finding.create_finding: Create a new finding associated with a test.list_products: List products with filtering (name, prod_type) and pagination.list_engagements: List engagements with filtering (product_id, status, name) and pagination.get_engagement: Get details for a specific engagement by its ID.create_engagement: Create a new engagement for a product.update_engagement: Modify details of an existing engagement.close_engagement: Mark an engagement as completed.
(See the original README content below for detailed usage examples of each tool)
Usage Examples
(Note: These examples assume an MCP client environment capable of calling use_mcp_tool)
Get Findings
# Get active, high-severity findings (limit 10)
result = await use_mcp_tool("defectdojo", "get_findings", {
"status": "Active",
"severity": "High",
"limit": 10
})
Search Findings
# Search for findings containing 'SQL Injection'
result = await use_mcp_tool("defectdojo", "search_findings", {
"query": "SQL Injection"
})
Update Finding Status
# Mark finding 123 as Verified
result = await use_mcp_tool("defectdojo", "update_finding_status", {
"finding_id": 123,
"status": "Verified"
})
Add Note to Finding
result = await use_mcp_tool("defectdojo", "add_finding_note", {
"finding_id": 123,
"note": "Confirmed vulnerability on staging server."
})
Create Finding
result = await use_mcp_tool("defectdojo", "create_finding", {
"title": "Reflected XSS in Search Results",
"test_id": 55, # ID of the associated test
"severity": "Medium",
"description": "User input in search is not properly sanitized, leading to XSS.",
"cwe": 79
})
List Products
# List products containing 'Web App' in their name
result = await use_mcp_tool("defectdojo", "list_products", {
"name": "Web App",
"limit": 10
})
List Engagements
# List 'In Progress' engagements for product ID 42
result = await use_mcp_tool("defectdojo", "list_engagements", {
"product_id": 42,
"status": "In Progress"
})
Get Engagement
result = await use_mcp_tool("defectdojo", "get_engagement", {
"engagement_id": 101
})
Create Engagement
result = await use_mcp_tool("defectdojo", "create_engagement", {
"product_id": 42,
"name": "Q2 Security Scan",
"target_start": "2025-04-01",
"target_end": "2025-04-15",
"status": "Not Started"
})
Update Engagement
result = await use_mcp_tool("defectdojo", "update_engagement", {
"engagement_id": 101,
"status": "In Progress",
"description": "Scan initiated."
})
Close Engagement
result = await use_mcp_tool("defectdojo", "close_engagement", {
"engagement_id": 101
})
Development
Setup
- Clone the repository.
- It's recommended to use a virtual environment:
python -m venv .venv source .venv/bin/activate # On Windows use `.venv\Scripts\activate` - Install dependencies, including development dependencies:
pip install -e ".[dev]"
License
This project is licensed under the MIT License - see the LICENSE file for details.
Contributing
Contributions are welcome! Please feel free to open an issue for bugs, feature requests, or questions. If you'd like to contribute code, please open an issue first to discuss the proposed changes.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.