Skip to main content
Integrate CybeDefend’s security platform directly into your AI-powered IDE with our MCP Server—a secure-by-design companion for AI code assistants.

What is the CybeDefend MCP Server?

The Model Context Protocol (MCP) Server plugs your favorite LLM (Cursor, Claude, VS Code Copilot Chat, Windsurf, etc.) into the CybeDefend platform, enabling your AI assistant to access vulnerability data and provide security guidance directly within your IDE.

Key Benefits

BenefitWhat it enables
Direct Vulnerability AccessFetch SAST, IaC, and SCA findings using your project ID
In-IDE RemediationJump to exact file/line with code snippets for inline fixes
Always Up-to-DatePull latest results and statuses as scans complete
Zero-SetupOne command, no local API proxies, pure STDIO
All endpoints are thin wrappers around CybeDefend’s REST API—no data is stored locally.

Quick Start

Prerequisites

  • Node ≥ 18
  • A CybeDefend API key with project-level access

Install Globally (Optional)

npm i -g @cybedefend/mcp-server
Or use npx directly—no global install needed.

Supported AI Clients

  • Cursor / Claude Desktop
  • VS Code with MCP extension
  • Windsurf
  • Docker (air-gapped CI)

Available Tools

The MCP server provides tools to interact with your CybeDefend projects:
  • Scan: get_scan - Current state, progress, counts
  • Overview: get_project_overview - Critical/high/… per scanner
  • SAST: list_vulnerabilities_sast, get_vulnerability_sast
  • IaC: list_vulnerabilities_iac, get_vulnerability_iac
  • SCA: list_vulnerabilities_sca, get_vulnerability_sca, list_sca_packages

Example Chat Prompts

With your project configured, you can ask your AI assistant:
  • “Show critical SAST bugs in Java”
  • “How far along is scan abcd-efgh?”
  • “Details of vulnerability c0ffee”
Your AI assistant will automatically call the appropriate tools and return formatted results.
Related: VS Code Extension · Cybe Security Champion · GitHub Repository
I