FedRAMP20xMCP
Verified Safe by KevinRabun
Overview
An MCP server for FedRAMP 20x compliance analysis, providing automated code and infrastructure scanning, evidence automation, and documentation tools.
Installation
python -m fedramp_20x_mcp
Environment Variables
- GITHUB_TOKEN
- NVD_API_KEY
- FEDRAMP_CACHE_DIR
- AZURE_CLIENT_ID
- AZURE_TENANT_ID
- AZURE_CLIENT_SECRET
- AZURE_SUBSCRIPTION_ID
Security Notes
The server performs static analysis (SAST-like) and Infrastructure as Code (IaC) scanning for FedRAMP 20x compliance. It uses Abstract Syntax Tree (AST) parsing (via Tree-sitter) and regular expressions to analyze multiple languages (Python, C#, Java, TypeScript) and IaC formats (Bicep, Terraform). External CVE data is fetched from the GitHub Advisory Database and NVD. No hardcoded secrets were found in the provided code snippets of the server itself; its analyzers are designed to detect them in the *analyzed* code. No use of 'eval' or obvious obfuscation was found. The primary risk is the reliability and integrity of the external CVE data sources the server depends on.
Similar Servers
atomic-red-team-mcp
An MCP server providing tools to search, validate, refresh, and optionally execute Atomic Red Team security tests for threat emulation and security development.
copilot-security-instructions
This MCP server provides a toolkit to guide GitHub Copilot toward secure coding practices by offering customizable security-focused prompts and agents for integration into development workflows.
ggmcp
A focused MCP server for developers, providing remediation tools for secrets detected in code and honeytoken management capabilities.
fedramp-docs-mcp
A Model Context Protocol (MCP) server for querying FedRAMP compliance documentation and NIST controls, designed to be used by AI agents and developers.