intercept-mcp 0.2.2

MCP server exposing Intercept supply chain security data to MCP-compatible clients.

intercept-mcp

Model Context Protocol (MCP) server that exposes an Intercept tenant's repositories, findings, scans, and resolutions to MCP-compatible AI clients.

Installation

uvx intercept-mcp

Configuration

Variable	Required	Default
INTERCEPT_MCP_API_KEY	yes	—
INTERCEPT_API_URL	no	https://intercept.hijacksecurity.com

INTERCEPT_MCP_API_KEY is a personal-scope API key, generated from the Intercept web UI: Settings → Integrations → Generate MCP API Key. The value starts with hsk_.

INTERCEPT_API_URL defaults to Intercept production. Override with the URL provided by your Intercept administrator for other environments.

Claude Code configuration

Export the key from your shell profile (~/.zshrc, ~/.bashrc):

export INTERCEPT_MCP_API_KEY=hsk_xxxxxxxx

Then add the server to your MCP client config:

{
  "mcpServers": {
    "intercept": {
      "command": "uvx",
      "args": ["intercept-mcp"]
    }
  }
}

Restart the client. Verify with claude mcp list.

If you prefer to keep the key in the client config instead of the shell:

{
  "mcpServers": {
    "intercept": {
      "command": "uvx",
      "args": ["intercept-mcp"],
      "env": {
        "INTERCEPT_MCP_API_KEY": "hsk_xxxxxxxx"
      }
    }
  }
}

Tools

Name	Description
list_repositories	List repositories in the current tenant.
get_repository	Get a repository by ID.
get_repository_posture	Get the posture evaluation for a repository.
list_findings	List findings by type (sast, secrets, container, iac, pipeline, sbom_vuln), filtered by repository, severity, or open status.
get_sast_finding	Get a SAST finding by ID.
get_finding	Deprecated alias for get_sast_finding. Prefer get_sast_finding.
get_secrets_finding	Get a secret finding by ID.
get_container_file	Get a Dockerfile by ID with its nested security findings.
get_iac_file	Get an IaC file by ID with its nested security findings.
get_pipeline	Get a CI/CD pipeline by ID with its actions and findings.
get_sbom_vuln_finding	Get an SBOM vulnerability (dependency) finding by ID.
list_scans	List scans, optionally filtered by repository.
get_scan	Get a scan by ID.
list_organizations	List organizations in the current tenant.
get_organization	Get an organization by slug.
get_tenant_posture_summary	Get the tenant-wide posture summary (score, grade, category breakdown).
update_finding_status	Update the status and optional note on a finding resolution.
bulk_update_finding_status	Bulk-update the status and optional note on up to 500 finding resolutions.
comment_on_finding	Attach a note to a finding resolution without changing its status.
trigger_scan	Trigger a new scan for a repository.

License

Proprietary — Hijack Security.