DefectDojo

Name: DefectDojo
Author: inspicere

inspicere/mcp-defectdojo

Let your coding agent query and update DefectDojo findings, products, and engagements through 24 RBAC-aware tools.

Overview

DefectDojo MCP is a Ship-phase MCP server that exposes 24 RBAC-guarded tools to manage vulnerabilities and engagements in DefectDojo from your coding agent.

What is this MCP server?

24 MCP tools against DefectDojo API v2 with role-based access control
HMAC audit chain and optional SIEM forwarding for enterprise-grade traceability
Dual-key mode: DEFECTDOJO_READ_API_KEY + DEFECTDOJO_WRITE_API_KEY for least privilege
PyPI package mcp-defectdojo v3.3.2 with uvx runtime hint
HTTPS-enforced DEFECTDOJO_URL (ALLOW_INSECURE_HTTP escape hatch documented)
24 MCP tools documented in server title/description
Server version 3.3.2 on PyPI identifier mcp-defectdojo
stdio transport with uvx runtime hint

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Vulnerability data lives in DefectDojo while your agent works in the IDE, so triage and updates stall without an API bridge.

Who is it for?

Solo builders or tiny teams with an existing DefectDojo instance who want agent-driven finding triage and engagement updates.

Skip if: Anyone without DefectDojo installed who only needs a lightweight local security checklist.

What do I get? / Deliverables

Your agent can read and write DefectDojo records under least-privilege keys with auditable tool access aligned to your instance RBAC.

Agent-driven queries and updates on DefectDojo findings and related objects
Audit-chain-backed MCP actions when HMAC and SIEM options are enabled

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Ship is where scan results become tracked vulnerabilities, remediation workflows, and evidence for launch—not ad-hoc spreadsheets. DefectDojo is a vulnerability management hub; this MCP subphase is security operations on findings your pentests and SAST already produced.

How it compares

DefectDojo API integration with 24 tools, not a standalone vulnerability scanner or Inkog-style pre-install MCP audit.

Common Questions / FAQ

Who is DefectDojo MCP for?

Developers and indie security leads who already use DefectDojo and want MCP-driven triage, reporting, and updates from Claude Code or similar agents.

When should I use DefectDojo MCP?

Use it in Ship security when consolidating scan results, tracking remediation before release, or automating DefectDojo workflows during code review.

How do I add DefectDojo MCP to my agent?

Run mcp-defectdojo via uvx from PyPI, set DEFECTDOJO_URL and DEFECTDOJO_API_KEY (or read/write split keys), then register the stdio server in your MCP client.

DefectDojo

inspicere/mcp-defectdojo

Let your coding agent query and update DefectDojo findings, products, and engagements through 24 RBAC-aware tools.

Overview

DefectDojo MCP is a Ship-phase MCP server that exposes 24 RBAC-guarded tools to manage vulnerabilities and engagements in DefectDojo from your coding agent.

What is this MCP server?

24 MCP tools against DefectDojo API v2 with role-based access control
HMAC audit chain and optional SIEM forwarding for enterprise-grade traceability
Dual-key mode: DEFECTDOJO_READ_API_KEY + DEFECTDOJO_WRITE_API_KEY for least privilege
PyPI package mcp-defectdojo v3.3.2 with uvx runtime hint
HTTPS-enforced DEFECTDOJO_URL (ALLOW_INSECURE_HTTP escape hatch documented)
24 MCP tools documented in server title/description
Server version 3.3.2 on PyPI identifier mcp-defectdojo
stdio transport with uvx runtime hint

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Vulnerability data lives in DefectDojo while your agent works in the IDE, so triage and updates stall without an API bridge.

Who is it for?

Solo builders or tiny teams with an existing DefectDojo instance who want agent-driven finding triage and engagement updates.

Skip if: Anyone without DefectDojo installed who only needs a lightweight local security checklist.

What do I get? / Deliverables

Your agent can read and write DefectDojo records under least-privilege keys with auditable tool access aligned to your instance RBAC.

Agent-driven queries and updates on DefectDojo findings and related objects
Audit-chain-backed MCP actions when HMAC and SIEM options are enabled

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

DefectDojo API integration with 24 tools, not a standalone vulnerability scanner or Inkog-style pre-install MCP audit.

Common Questions / FAQ

Who is DefectDojo MCP for?

Developers and indie security leads who already use DefectDojo and want MCP-driven triage, reporting, and updates from Claude Code or similar agents.

When should I use DefectDojo MCP?

Use it in Ship security when consolidating scan results, tracking remediation before release, or automating DefectDojo workflows during code review.

How do I add DefectDojo MCP to my agent?

Run mcp-defectdojo via uvx from PyPI, set DEFECTDOJO_URL and DEFECTDOJO_API_KEY (or read/write split keys), then register the stdio server in your MCP client.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is DefectDojo MCP for?

When should I use DefectDojo MCP?

How do I add DefectDojo MCP to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is DefectDojo MCP for?

When should I use DefectDojo MCP?

How do I add DefectDojo MCP to my agent?