mcp-contrast
Verified Safe
by Contrast-Security-OSS
Overview
The MCP Server integrates with Contrast Security products (Assess, Scan, SCA, Protect/ADR) to expose application security data and capabilities as tools for AI/ML clients.
Installation
docker run -p 8080:8080 \
  -e CONTRAST_HOST_NAME="your_contrast_host" \
  -e CONTRAST_API_KEY="your_api_key" \
  -e CONTRAST_SERVICE_KEY="your_service_key" \
  -e CONTRAST_USERNAME="your_username" \
  -e CONTRAST_ORG_ID="your_org_id" \
  contrast/mcp-contrast:latest
Environment Variables
- CONTRAST_HOST_NAME
- CONTRAST_API_KEY
- CONTRAST_SERVICE_KEY
- CONTRAST_USERNAME
- CONTRAST_ORG_ID
- http_proxy_host
- http_proxy_port
Security Notes
The server demonstrates good security practices including external configuration of sensitive API credentials via environment variables/Spring properties, and robust input validation for tool parameters. It also features caching mechanisms. No 'eval' or obfuscation was found. Potential information leakage could occur if debug logging (which includes raw API responses) is enabled in a sensitive production environment and logs are not adequately secured, but this is a common operational risk.
Similar Servers
code-index-mcp
Provides intelligent code indexing, searching, and analysis capabilities for large language models to understand and navigate codebases.
sonarqube-mcp-server
The SonarQube MCP Server enables seamless integration with SonarQube Server or Cloud for code quality and security analysis, including direct code snippet analysis within an agent context.
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
tree-sitter-analyzer
A comprehensive, enterprise-grade code analysis tool designed for deep insights into multi-language codebases, with a strong focus on AI assistant integration via the Model Context Protocol (MCP) to facilitate intelligent development workflows and token optimization.