defectdojo-mcp
The DefectDojo MCP Server provides a Model Context Protocol server interface for DefectDojo, allowing AI agents to interact with its API. It supports managing findings, products, and engagements, enabling automation of vulnerability management tasks through DefectDojo.
DefectDojo MCP Server
This project provides a Model Context Protocol (MCP) server implementation for DefectDojo, a popular open-source vulnerability management tool. It enables AI agents and other MCP clients to interact programmatically with DefectDojo's API.
Features
- Manage key DefectDojo entities: Findings, Products, and Engagements.
- Fetch, search, and create findings, update their status, and add notes to them.
- List and manage products and engagements.
Installation & Running
- Using uvx (Recommended):
  - Execute the server with automatic dependency management.
- Using pip:
  - Install via pip from source or PyPI.
  - Run defectdojo-mcp after installation.
Configuration
Set the environment variables DEFECTDOJO_API_TOKEN and DEFECTDOJO_API_BASE for server connection.
Available Tools
Tools available via the MCP interface include get_findings, search_findings, update_finding_status, add_finding_note, create_finding, list_products, list_engagements, get_engagement, create_engagement, update_engagement, and close_engagement.
Development
- Clone the repository.
- Set up a virtual environment.
- Install dependencies for development.
License
This project is licensed under the MIT License.
Contributing
Contributions are welcome via issues and pull requests.