nowsecure-mcp-server
Enables interaction with NowSecure Platform for listing applications, retrieving remediation findings, and generating remediation PDFs via REST and GraphQL APIs.
README
NowSecure MCP Server ๐๐
Made by Tatavarthi Tarun ยท LinkedIn
A small Model Context Protocol (MCP) server for NowSecure Platform. Built to work
around the broken UI PDF export
(Failed to load report data: Enum "JiraIntegrationCustomFieldType" cannot represent value: "")
by pulling findings through the REST + GraphQL APIs and, when needed, rendering
the remediation PDF locally instead of relying on NowSecure's report service.
Requirements
- Node.js >= 18 (the only prerequisite โ
npxfetches the package on demand) - A NowSecure Platform API token (PAT) โ each user supplies their own (see Auth)
Tools
| Tool | What it does |
|---|---|
list_applications |
Lists your portfolio apps (REST). Find app refs + latest assessment. |
get_remediation_findings |
Returns findings needing remediation as JSON (GraphQL). Ideal for feeding an agent. |
generate_remediation_pdf |
Renders a clean PDF locally from the findings. Works even when NowSecure's renderer fails. |
download_assessment_pdf |
Tries NowSecure's REST PDF endpoint (separate path from the broken UI export). |
Auth (each user uses their own token)
Every user generates their own NowSecure Platform API bearer token (PAT) and puts it in their local MCP config. No token is bundled with this package.
Create one in Platform: Profile icon (top right) > Tokens.
NOWSECURE_TOKEN(required) โ your personal PATNOWSECURE_API_BASE(optional) โ defaults tohttps://api.nowsecure.com
Install
No clone or manual install needed โ npx fetches and runs the latest version.
You just need Node.js >= 18.
MCP client config
All examples run the package via npx (no clone/install needed โ just Node.js
= 18). Replace the token with your own personal PAT.
Claude Code
Use the CLI (recommended โ it validates and writes to the right file):
claude mcp add nowsecure --env NOWSECURE_TOKEN=<your-personal-pat-here> -- npx -y nowsecure-mcp-server
Add --scope user to make it available across all your projects. Or edit
.mcp.json (project) / ~/.claude.json (user) directly:
{
"mcpServers": {
"nowsecure": {
"command": "npx",
"args": ["-y", "nowsecure-mcp-server"],
"env": { "NOWSECURE_TOKEN": "<your-personal-pat-here>" }
}
}
}
Cursor
Edit ~/.cursor/mcp.json (global) or .cursor/mcp.json (per project):
{
"mcpServers": {
"nowsecure": {
"command": "npx",
"args": ["-y", "nowsecure-mcp-server"],
"env": { "NOWSECURE_TOKEN": "<your-personal-pat-here>" }
}
}
}
Google Antigravity
In the agent panel / Settings, open MCP Servers โ Manage / Raw Config to edit
mcp_config.json, then add:
{
"mcpServers": {
"nowsecure": {
"command": "npx",
"args": ["-y", "nowsecure-mcp-server"],
"env": { "NOWSECURE_TOKEN": "<your-personal-pat-here>" }
}
}
}
GitHub Copilot (VS Code)
VS Code uses a top-level servers key (not mcpServers). Add to .vscode/mcp.json
in your workspace, or your user mcp.json (Command Palette โ MCP: Open User
Configuration):
{
"servers": {
"nowsecure": {
"type": "stdio",
"command": "npx",
"args": ["-y", "nowsecure-mcp-server"],
"env": { "NOWSECURE_TOKEN": "<your-personal-pat-here>" }
}
}
}
Kiro
Add to ~/.kiro/settings/mcp.json (global) or .kiro/settings/mcp.json (workspace):
{
"mcpServers": {
"nowsecure": {
"command": "npx",
"args": ["-y", "nowsecure-mcp-server"],
"env": { "NOWSECURE_TOKEN": "<your-personal-pat-here>" },
"disabled": false,
"autoApprove": ["list_applications", "get_remediation_findings"]
}
}
}
If published to a private/scoped registry, use the scoped name instead, e.g.
"args": ["-y", "@your-scope/nowsecure-mcp-server"].
Example usage
First list your apps with list_applications to find an app ref, then ask your
agent (placeholders shown โ substitute your own refs):
Generate a remediation PDF for app
<app-ref-uuid>to ./remediation.pdf
If you omit the assessment ref, the latest assessment for that app is used.
Author
Tatavarthi Tarun ๐๐ linkedin.com/in/tatav
If this saved you from NowSecure's broken PDF export, a connect on LinkedIn is appreciated!
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.