DefectDojo
MCP server for DefectDojo: 24 tools with RBAC, HMAC audit chain, and SIEM forwarding
Using DefectDojo in Claude, Cursor, Gemini CLI, Cline, or Zed?
MCP tool contracts can change remotely with no version bump. The mcpindex gate pins each contract and HOLDs the call when it drifts—before your agent acts. Zero credentials. This is not the package install for this server itself (use Install this server for that).
Rewrites your MCP host config so each server launches behind the gate. Inspect first: curl -fsSL https://mcpindex.ai/install.sh | less
curl -fsSL https://mcpindex.ai/install.sh | shSemantic screen found no manipulation pattern in the description. Conformance probe not yet run.
mcpindex.integrity.descriptionpassINFOevidence“No malicious instructions found”via static_description
- - Semantic screen only - the deterministic conformance probe has not run on this server
- - Confidence is reported but not yet calibrated (v1)
- - Screen reads the tool description, not the live behavior
- - advisory
- - registry description only no input schema
- - screen model 8b
Semantic screen: an LLM judge reads the tool description for hidden instructions (status PARTIAL). A pass means the description is not lying, not that the tool is safe: a high-capability tool with an honest description still warrants caution. The deterministic conformance probe has not been run on this server yet, so the screen here is semantic-only. Posture: advisory. Confidences are reported but not yet calibrated (calibrated=false at v1). Full verdict history is not shown on this page.
Own this server? Screen its description →
A live verdict badge for your README or listing. It reflects the current screen, links back here, and updates when the verdict does.
[](https://mcpindex.ai/server/io-github-inspicere-mcp-defectdojo)<a href="https://mcpindex.ai/server/io-github-inspicere-mcp-defectdojo"><img src="https://mcpindex.ai/api/v1/badge/io-github-inspicere-mcp-defectdojo" alt="mcpindex verdict" height="20" /></a>DEFECTDOJO_URLBase URL of the DefectDojo instance (must use https:// unless ALLOW_INSECURE_HTTP=true)
DEFECTDOJO_API_KEYAPI key for DefectDojo (generate at DefectDojo > API v2 > Your API Key). Use DEFECTDOJO_READ_API_KEY + DEFECTDOJO_WRITE_API_KEY for least-privilege dual-key mode.
DEFECTDOJO_READ_API_KEYOptional read-only API key (used for GET requests in dual-key mode)
DEFECTDOJO_WRITE_API_KEYOptional write API key (used for POST/PATCH in dual-key mode)
MCP_AUTH_TOKENBearer token granting admin-role access (legacy single-token mode — prefer MCP_ROLE_<NAME>=<token>:<role> for RBAC)
AUDIT_HMAC_KEYHMAC key for audit log integrity chain. Required for cross-restart log verification on network transports. Generate with: python3 -c 'import secrets; print(secrets.token_hex(32))'
Resolve .hood names on Robinhood Chain — forward/reverse, text records, availability & pricing.
AI-powered trading strategy development: backtesting, market data, and portfolio analysis
Feature flagging and A/B testing platform with AI-first experimentation workflows.