io.github.inspicere

mcp-defectdojo

DefectDojo

MCP server for DefectDojo: 24 tools with RBAC, HMAC audit chain, and SIEM forwarding

stdio, community, service

Package Details

Transport: stdio
Runtime: uvx

Environment Variables

DEFECTDOJO_URL
Required

Base URL of the DefectDojo instance (must use https:// unless ALLOW_INSECURE_HTTP=true)

DEFECTDOJO_API_KEY
Required, Secret

API key for DefectDojo (generate at DefectDojo > API v2 > Your API Key). Use DEFECTDOJO_READ_API_KEY + DEFECTDOJO_WRITE_API_KEY for least-privilege dual-key mode.

DEFECTDOJO_READ_API_KEY
Secret

Optional read-only API key (used for GET requests in dual-key mode)

DEFECTDOJO_WRITE_API_KEY
Secret

Optional write API key (used for POST/PATCH in dual-key mode)

MCP_AUTH_TOKEN
Secret

Bearer token granting admin-role access (legacy single-token mode — prefer MCP_ROLE_<NAME>=<token>:<role> for RBAC)

AUDIT_HMAC_KEY
Secret

HMAC key for audit log integrity chain. Required for cross-restart log verification on network transports. Generate with: python3 -c 'import secrets; print(secrets.token_hex(32))'