github-dependabot-mcp-server

GitHub Dependabot MCP server

Fetches GitHub Dependabot alerts for a specified repository.

Requirements

  • uv: A fast Python package installer and resolver. Used to run the script and manage dependencies.
  • GitHub Personal Access Token: Required for authenticating with the GitHub API. Ensure it has the necessary permissions (e.g., repo, security_events).

Setup

  1. Install uv: Follow the official installation instructions for your OS:

    • macOS / Linux:
      • Using Homebrew (macOS):
        brew install uv
        
      • Or using curl:
        curl -LsSf https://astral.sh/uv/install.sh | sh
        
    • Windows (PowerShell):
      irm https://astral.sh/uv/install.ps1 | iex
      
    • Other methods: See the uv documentation.
  2. Clone the repository:

    git clone git@github.com:avarant/github-dependabot-mcp-server.git
    cd github-dependabot-mcp-server
    
  3. Set up GitHub Authentication:

    First, you need to generate a GitHub Personal Access Token (PAT) if you don't already have one:

    1. Go to your GitHub Settings -> Developer settings -> Personal access tokens -> Tokens (classic).
    2. Click "Generate new token" (or "Generate new token (classic)").
    3. Give your token a descriptive name (e.g., "MCP Dependabot Server").
    4. Set an expiration date.
    5. Select the necessary scopes:
      • repo (Full control of private repositories) - needed for accessing repository data.
      • security_events (Read security events) - needed for reading Dependabot alerts.
    6. Click "Generate token" and copy the generated token immediately. You won't be able to see it again.

    Once you have your token, this server requires it to authenticate with the GitHub API. There are two ways to provide it:

    • Option 1: Using macOS Keychain (Recommended on macOS): The script will automatically attempt to read the token from your macOS Keychain using the keyring library.

      • Via Command Line: Run the following command in your terminal and enter your GitHub token when prompted:

        # Make sure you are in the project's virtual environment if you have one active
        # Or install keyring globally if needed: pip install keyring
        keyring set github_mcp_server personal_access_token
        # It will prompt you to enter the token securely.
        

        Alternatively, using the Python module:

        python -m keyring set github_mcp_server personal_access_token
        
      • Via Keychain Access UI:

        1. Open "Keychain Access" (Applications -> Utilities).
        2. Select the login keychain and the Passwords category.
        3. Click the + button to add a new item.
        4. Enter the following details:
          • Keychain Item Name: personal_access_token
          • Account Name: github_mcp_server
          • Password: Paste your GitHub token.
        5. Click "Add".
    • Option 2: Using Environment Variable: If the token is not found in the Keychain, the script will fall back to using the GITHUB_PERSONAL_ACCESS_TOKEN environment variable. If you use this method, the script will attempt to store the token in your Keychain for future use (if keyring is functional).

  4. Update your MCP configuration:

    Edit your global ~/.cursor/mcp.json or create a local .cursor/mcp.json file within your project:

    {
      "mcpServers": {
        "github": {
          "command": "docker",
          "args": [
            "run",
            "-i",
            "--rm",
            "-e",
            "GITHUB_PERSONAL_ACCESS_TOKEN",
            "mcp/github"
          ],
          "env": {
            // Optional: Set if NOT using Keychain, or as a fallback.
            // "GITHUB_PERSONAL_ACCESS_TOKEN": "<your github token>"
          }
        },
        "github-dependabot": {
          "command": "uv",
          "args": [
            "--directory",
            "<absolute path to github-dependabot-mcp-server directory>",
            "run",
            "mcp",
            "run",
            "main.py"
          ],
          "env": {
            // Optional: Set if NOT using Keychain, or as a fallback.
            // "GITHUB_PERSONAL_ACCESS_TOKEN": "<your github token>"
          }
        }
      }
    }
    

    Note: Replace <absolute path to github-dependabot-mcp-server directory> with your actual path.
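
The token lookup order from step 3 (Keychain first, then the GITHUB_PERSONAL_ACCESS_TOKEN environment variable with a write-back to the Keychain), as an added example that is not the project's main.py. The resolve_token function and its injectable store parameter are hypothetical names; the service and username values come from the keyring commands above.

```python
import os

SERVICE = "github_mcp_server"        # keyring service, as in `keyring set` above
USERNAME = "personal_access_token"   # keyring username, as in `keyring set` above
ENV_VAR = "GITHUB_PERSONAL_ACCESS_TOKEN"


def _default_store():
    """Return the keyring module, or None when it is not installed."""
    try:
        import keyring
        return keyring
    except ImportError:
        return None


def resolve_token(store=None, environ=None):
    """Return (token, source), where source is 'keyring' or 'env'.

    `store` must offer get_password/set_password like the keyring module;
    injecting it lets the lookup order be exercised without a real Keychain.
    """
    store = _default_store() if store is None else store
    environ = os.environ if environ is None else environ

    if store is not None:
        try:
            token = store.get_password(SERVICE, USERNAME)
            if token:
                return token.strip(), "keyring"
        except Exception:
            store = None  # backend missing or locked: skip the write-back too

    token = (environ.get(ENV_VAR) or "").strip()
    if not token:
        raise RuntimeError(f"no token in keyring and {ENV_VAR} is unset")

    if store is not None:
        try:
            store.set_password(SERVICE, USERNAME, token)  # cache for later runs
        except Exception:
            pass  # best effort; the environment token is still returned
    return token, "env"
```

The returned source tells you whether the token still lives in the environment (and possibly in mcp.json) or only in the Keychain.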

Tools Provided

This MCP server provides the following tool:

  • get_dependabot_alerts(repo_owner: str, repo_name: str):
    • Fetches Dependabot alerts for the specified repository.
    • repo_owner: The owner of the repository (username or organization).
    • repo_name: The name of the repository.
    • Returns a list of alert objects from the GitHub API.
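
An added example, not the project's own code, of what a tool like get_dependabot_alerts does against GitHub's REST endpoint GET /repos/{owner}/{repo}/dependabot/alerts. The function names, the path-segment allow-list and the SAMPLE alerts are assumptions of this example; it validates the two arguments before placing them in the URL and sorts the returned alerts by severity.

```python
import json
import re
import urllib.request

API = "https://api.github.com"
# Allow-list for path segments: tool arguments come from a prompt (example's assumption).
_SEGMENT = re.compile(r"[A-Za-z0-9._-]{1,100}")
_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def build_request(repo_owner, repo_name, token):
    """Build the GET request for a repository's open Dependabot alerts."""
    for seg in (repo_owner, repo_name):
        if not _SEGMENT.fullmatch(seg) or seg in (".", ".."):
            raise ValueError(f"invalid repository path segment: {seg!r}")
    url = f"{API}/repos/{repo_owner}/{repo_name}/dependabot/alerts?state=open&per_page=100"
    return urllib.request.Request(url, headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
        "X-GitHub-Api-Version": "2022-11-28",
    })


def get_alerts(repo_owner, repo_name, token):
    """Fetch the first page of open alerts (needs network and a valid token)."""
    with urllib.request.urlopen(build_request(repo_owner, repo_name, token), timeout=15) as r:
        return json.load(r)


def triage(alerts):
    """Reduce alert objects to (severity, package, ghsa_id, fixed_in), worst first."""
    rows = []
    for a in alerts:
        adv = a.get("security_advisory") or {}
        pkg = (a.get("dependency") or {}).get("package") or {}
        fix = (a.get("security_vulnerability") or {}).get("first_patched_version") or {}
        rows.append((adv.get("severity", "unknown"), pkg.get("name", "?"),
                     adv.get("ghsa_id", "?"), fix.get("identifier")))  # None: no fix yet
    return sorted(rows, key=lambda r: (_RANK.get(r[0], 4), r[1]))


SAMPLE = [  # constructed, shaped like the API's alert objects (not real alerts)
    {"dependency": {"package": {"name": "examplelib"}},
     "security_advisory": {"ghsa_id": "GHSA-xxxx-xxxx-0001", "severity": "medium"},
     "security_vulnerability": {"first_patched_version": {"identifier": "2.4.1"}}},
    {"dependency": {"package": {"name": "demo-parser"}},
     "security_advisory": {"ghsa_id": "GHSA-xxxx-xxxx-0002", "severity": "critical"},
     "security_vulnerability": {"first_patched_version": None}},
]
```

triage(SAMPLE) runs offline; get_alerts returns only the first page of up to 100 open alerts.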

Usage Example

Example prompt:

Fetch all dependabot alerts for https://github.com/avarant/github-dependabot-mcp-server