mcp-contrast
Verified Safe by Contrast-Security-OSS
Overview
This server acts as a Microservice Chassis Platform (MCP) host, providing AI agents with a set of tools to interact with the Contrast Security platform. It enables querying and managing application security data, including vulnerabilities, attacks, SAST results, software composition analysis (SCA), and route coverage.
Installation
docker run -p 8080:8080 \
  -e CONTRAST_HOST_NAME="your_contrast_host" \
  -e CONTRAST_API_KEY="your_api_key" \
  -e CONTRAST_SERVICE_KEY="your_service_key" \
  -e CONTRAST_USERNAME="your_username" \
  -e CONTRAST_ORG_ID="your_org_id" \
  contrast/mcp-contrast:latest
Environment Variables
- CONTRAST_HOST_NAME
- CONTRAST_API_KEY
- CONTRAST_SERVICE_KEY
- CONTRAST_USERNAME
- CONTRAST_ORG_ID
- http_proxy_host
- http_proxy_port
- contrast.api.protocol
Security Notes
The server demonstrates strong security practices for an API proxy. It uses a dedicated SDK for Contrast API interaction, enforces input validation on all tool parameters (using a fluent validation API), and explicitly checks for all required API credentials at startup. There's no apparent use of 'eval' or direct arbitrary command execution. Credentials are externalized via environment variables. The API calls are wrapped in a structured error handling and logging pipeline. The deprecated SAST results tool warns about large output, indicating awareness of potential context overflow. Overall, the design prioritizes secure interaction with the Contrast platform.
Similar Servers
code-index-mcp
Intelligent code indexing and analysis for Large Language Models, enabling tasks such as code review, refactoring, documentation generation, debugging assistance, and architectural analysis.
sonarqube-mcp-server
The SonarQube MCP Server enables seamless integration with SonarQube Server or Cloud for code quality and security, supporting analysis of code snippets and acting as a backend for AI coding agents.
burp-mcp-agents
Connects Burp Suite MCP Server to AI backends (Codex, Gemini, Ollama, LM Studio) for assisted, non-destructive vulnerability analysis using real Burp traffic.
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.