Black Duck Security Scanner

Name: Black Duck Security Scanner
Author: blackducksoftware

blackducksoftware/mcp-server

Run dependency and codebase vulnerability scans from your coding agent without leaving the editor.

Overview

Black Duck Security Scanner is an MCP server for the Ship phase that runs AI-powered vulnerability detection via Black Duck Signal from your agent.

What is this MCP server?

Exposes Black Duck Signal vulnerability detection to MCP-compatible agents
Stdio npm package @black-duck/mcp-server (v1.1.6)
AI-assisted security scanning workflow for active development repos
Fits pre-release and dependency-upgrade review loops
Open-source server on GitHub (blackducksoftware/mcp-server)
Server version 1.1.6
npm package identifier @black-duck/mcp-server
Transport: stdio

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

You keep shipping features while unsure whether new dependencies or code paths introduced exploitable issues you never formally scanned.

Who is it for?

Indie developers already using or evaluating Black Duck Signal who want agent-driven scan triggers during build-and-ship cycles.

Skip if: Teams that need DNS, email, or pre-action agent gates without a Black Duck Signal subscription or equivalent setup.

What do I get? / Deliverables

Your agent can request Signal-backed vulnerability checks during development so security review stays in the same loop as coding.

Agent-invoked vulnerability scan results via Black Duck Signal
Repeatable security check step in your ship workflow
Stdio MCP server wired into local development

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Security validation belongs in Ship, right before release or after major dependency changes. Black Duck Signal targets vulnerability detection—core application security work, not generic monitoring.

How it compares

SCA and vulnerability MCP bridge, not a general DNS or agent policy firewall.

Common Questions / FAQ

Who is Black Duck Security Scanner for?

Solo and small teams building software with AI agents who want Black Duck Signal vulnerability detection callable over MCP.

When should I use Black Duck Security Scanner?

Use it in Ship—after dependency updates, before releases, or when reviewing security-sensitive changes suggested by an agent.

How do I add Black Duck Security Scanner to my agent?

Install the npm package @black-duck/mcp-server, configure stdio MCP in Claude Code or Cursor, and authenticate per Black Duck Signal requirements for your environment.

Black Duck Security Scanner

blackducksoftware/mcp-server

Run dependency and codebase vulnerability scans from your coding agent without leaving the editor.

Overview

Black Duck Security Scanner is an MCP server for the Ship phase that runs AI-powered vulnerability detection via Black Duck Signal from your agent.

What is this MCP server?

Exposes Black Duck Signal vulnerability detection to MCP-compatible agents
Stdio npm package @black-duck/mcp-server (v1.1.6)
AI-assisted security scanning workflow for active development repos
Fits pre-release and dependency-upgrade review loops
Open-source server on GitHub (blackducksoftware/mcp-server)
Server version 1.1.6
npm package identifier @black-duck/mcp-server
Transport: stdio

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

You keep shipping features while unsure whether new dependencies or code paths introduced exploitable issues you never formally scanned.

Who is it for?

Indie developers already using or evaluating Black Duck Signal who want agent-driven scan triggers during build-and-ship cycles.

Skip if: Teams that need DNS, email, or pre-action agent gates without a Black Duck Signal subscription or equivalent setup.

What do I get? / Deliverables

Your agent can request Signal-backed vulnerability checks during development so security review stays in the same loop as coding.

Agent-invoked vulnerability scan results via Black Duck Signal
Repeatable security check step in your ship workflow
Stdio MCP server wired into local development

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

SCA and vulnerability MCP bridge, not a general DNS or agent policy firewall.

Common Questions / FAQ

Who is Black Duck Security Scanner for?

Solo and small teams building software with AI agents who want Black Duck Signal vulnerability detection callable over MCP.

When should I use Black Duck Security Scanner?

Use it in Ship—after dependency updates, before releases, or when reviewing security-sensitive changes suggested by an agent.

How do I add Black Duck Security Scanner to my agent?

Install the npm package @black-duck/mcp-server, configure stdio MCP in Claude Code or Cursor, and authenticate per Black Duck Signal requirements for your environment.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Black Duck Security Scanner for?

When should I use Black Duck Security Scanner?

How do I add Black Duck Security Scanner to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Black Duck Security Scanner for?

When should I use Black Duck Security Scanner?

How do I add Black Duck Security Scanner to my agent?