DependencyTrack MCP Server for vulnerability assessment in CI/CD pipelines
A Model Context Protocol (MCP) server that provides AI assistants with vulnerability assessment capabilities for CI/CD pipelines using DependencyTrack.
Features
- Search Projects: Find projects in DependencyTrack by name with wildcard support
- List Projects: Get all projects with pagination support
- Vulnerability Assessment: Get Critical & High severity vulnerabilities with fix information
- Detailed Vulnerability Info: Get comprehensive vulnerability details
- CI/CD Integration: Designed for automated pipeline security assessment
Installation
Using uv (Recommended)
# Install the MCP server from PyPI as a uv tool (uvx is `uv tool run`; installing is `uv tool install`)
uv tool install mareana-dtrack-mcp-server
# Or install from local directory for development
uv tool install ./dtrack-mcp-server
Using pip
# Install from PyPI
pip install mareana-dtrack-mcp-server
# Or install from local directory for development
pip install ./dtrack-mcp-server
# Or install in development mode
pip install -e ./dtrack-mcp-server
Configuration
The MCP server reads its DependencyTrack connection settings from three environment variables. Inject them from your CI system's secret store rather than committing them to the repository or a pipeline definition; they are credentials for a DependencyTrack account:
export DTRACK_BASE_URL="https://your-dtrack-server.com"
export DTRACK_USERNAME="your-username"
export DTRACK_PASSWORD="your-password"
Usage
Running the MCP Server
# Set environment variables
export DTRACK_BASE_URL="https://your-dtrack-server.com"
export DTRACK_USERNAME="your-username"
export DTRACK_PASSWORD="your-password"
# Run the server
mareana-dtrack-mcp-server
Using with AI Assistants
The MCP server provides the following tools:
1. Search Projects
Search for projects by name with wildcard support:
{
"name": "search_projects",
"arguments": {
"query": "admin%"
}
}
Wildcard patterns (% is the wildcard; a term without % is matched as a substring):
- admin% - Projects starting with "admin"
- %service - Projects ending with "service"
- %web% - Projects containing "web"
- admin - Projects containing "admin"
2. List Projects
List all projects with pagination:
{
"name": "list_projects",
"arguments": {
"fetch_all": true,
"page_size": 100
}
}
3. Get Vulnerability Assessment
Get Critical & High vulnerabilities with fix information (ideal for CI/CD):
{
"name": "get_vulnerability_assessment",
"arguments": {
"project_uuid": "your-project-uuid"
}
}
4. Get Project Vulnerabilities
Get vulnerabilities for a specific project:
{
"name": "get_project_vulnerabilities",
"arguments": {
"project_uuid": "your-project-uuid",
"critical_high_only": true,
"suppress_inactive": true
}
}
5. Get Vulnerability Details
Get detailed information about a specific vulnerability:
{
"name": "get_vulnerability_details",
"arguments": {
"vulnerability_uuid": "your-vulnerability-uuid"
}
}
Resources
The server also provides resources that can be read:
- dtrack://projects - List of all projects
- dtrack://vulnerabilities - All critical and high severity vulnerabilities
Example Workflow
1. Search for your project:
{ "name": "search_projects", "arguments": { "query": "my-application" } }
2. Get the vulnerability assessment, using the project UUID returned by the search:
{ "name": "get_vulnerability_assessment", "arguments": { "project_uuid": "found-project-uuid" } }
3. Analyze the results for CI/CD pipeline decisions:
- has_critical_high_vulns: Boolean indicating if action is needed
- total_critical_high: Total count of critical/high vulnerabilities
- critical_count: Number of critical vulnerabilities
- high_count: Number of high vulnerabilities
- vulnerabilities: Array with detailed vulnerability information and fix details
CI/CD Integration
The vulnerability assessment response is designed for easy CI/CD integration:
{
"project_uuid": "uuid",
"has_critical_high_vulns": true,
"total_critical_high": 3,
"critical_count": 1,
"high_count": 2,
"vulnerabilities": [
{
"vuln_id": "CVE-2023-1234",
"severity": "CRITICAL",
"cvss_score": 9.8,
"description": "Remote code execution vulnerability...",
"components": [
{
"name": "apache-commons",
"version": "2.1.0",
"purl": "pkg:maven/org.apache.commons/commons-lang3@2.1.0"
}
],
"fix_available": true,
"fix_info": "Patched versions: 2.1.1, 2.2.0",
"published": "2023-01-15",
"cwe": "CWE-94"
}
]
}
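The three-step workflow and the assessment response above only protect a pipeline if something acts on them. The gate script below is an added example, not code from the mareana-dtrack-mcp-server package; it assumes only the response fields documented on this page, and its sample input, including the placeholder IDs EXAMPLE-HIGH-1 and EXAMPLE-HIGH-2, is constructed for offline use. The policy it applies: any CRITICAL blocks, a HIGH blocks only when a fix is listed (switchable to always), an explicit accepted-risk list downgrades findings to warnings, and the summary counters are recomputed from the vulnerabilities array so a truncated or stale response cannot pass on its flags alone.

```python
"""CI gate over a get_vulnerability_assessment response.

Added example, not part of the mareana-dtrack-mcp-server package. Only the
response fields documented on this page are assumed.
"""
from __future__ import annotations

import json
import sys
from dataclasses import dataclass, field
from pathlib import Path

# Constructed sample in the documented response shape. "EXAMPLE-HIGH-1" and
# "EXAMPLE-HIGH-2" are placeholder IDs, not real advisories.
SAMPLE_ASSESSMENT: dict = {
    "project_uuid": "uuid",
    "has_critical_high_vulns": True,
    "total_critical_high": 3,
    "critical_count": 1,
    "high_count": 2,
    "vulnerabilities": [
        {"vuln_id": "CVE-2023-1234", "severity": "CRITICAL", "cvss_score": 9.8,
         "components": [{"name": "apache-commons", "version": "2.1.0",
                         "purl": "pkg:maven/org.apache.commons/commons-lang3@2.1.0"}],
         "fix_available": True, "fix_info": "Patched versions: 2.1.1, 2.2.0"},
        {"vuln_id": "EXAMPLE-HIGH-1", "severity": "HIGH", "cvss_score": 7.5,
         "components": [{"name": "libfoo", "version": "1.0.0",
                         "purl": "pkg:generic/libfoo@1.0.0"}],
         "fix_available": True, "fix_info": "Patched versions: 1.0.1"},
        {"vuln_id": "EXAMPLE-HIGH-2", "severity": "HIGH", "cvss_score": 7.2,
         "components": [{"name": "libbar", "version": "3.4.0",
                         "purl": "pkg:generic/libbar@3.4.0"}],
         "fix_available": False, "fix_info": ""},
    ],
}


@dataclass
class GateDecision:
    exit_code: int  # 0 = pass, 1 = blocked, 2 = response failed consistency checks
    blocking: list[str] = field(default_factory=list)
    warnings: list[str] = field(default_factory=list)
    errors: list[str] = field(default_factory=list)


def evaluate_assessment(assessment: dict, fail_on_unfixed_high: bool = False,
                        accepted: frozenset[str] = frozenset()) -> GateDecision:
    """Policy: any CRITICAL blocks; HIGH blocks when a fix is listed (or always
    with fail_on_unfixed_high); IDs in `accepted` become warnings. The summary
    counters are recomputed from the array so a truncated or stale response
    cannot pass the gate on its flags alone."""
    decision = GateDecision(exit_code=0)
    vulns = assessment.get("vulnerabilities", [])

    # Cross-check the summary fields against the findings before trusting either.
    crit = sum(1 for v in vulns if v.get("severity") == "CRITICAL")
    high = sum(1 for v in vulns if v.get("severity") == "HIGH")
    expected = (assessment.get("critical_count"), assessment.get("high_count"),
                assessment.get("total_critical_high"))
    if (crit, high, crit + high) != expected:
        decision.errors.append(f"summary counters {expected} disagree with array "
                               f"({crit} critical, {high} high)")
    if bool(assessment.get("has_critical_high_vulns")) != bool(crit + high):
        decision.errors.append("has_critical_high_vulns disagrees with the findings")
    if decision.errors:
        decision.exit_code = 2
        return decision

    for v in vulns:
        vid, sev = v.get("vuln_id", "<unknown>"), v.get("severity")
        fixable = bool(v.get("fix_available"))
        where = ", ".join(c.get("purl") or c.get("name", "?") for c in v.get("components", []))
        line = f"{vid} [{sev}] in {where} " + (f"({v.get('fix_info')})" if fixable else "(no fix listed)")
        if vid in accepted:
            decision.warnings.append("accepted risk: " + line)
        elif sev == "CRITICAL" or (sev == "HIGH" and (fixable or fail_on_unfixed_high)):
            decision.blocking.append(line)
        else:
            decision.warnings.append(line)

    decision.exit_code = 1 if decision.blocking else 0
    return decision


def main(argv: list[str]) -> int:
    # Usage: python gate.py [assessment.json] [ACCEPTED_ID ...]; with no file the sample is used.
    data = json.loads(Path(argv[1]).read_text()) if len(argv) > 1 else SAMPLE_ASSESSMENT
    d = evaluate_assessment(data, accepted=frozenset(argv[2:]))
    for tag, msgs in (("ERROR", d.errors), ("BLOCK", d.blocking), ("WARN", d.warnings)):
        for m in msgs:
            print(f"{tag}: {m}")
    return d.exit_code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Write the tool's JSON output to a file and run the script as a pipeline step; a non-zero exit fails the stage, and exit code 2 distinguishes a response the gate could not trust from a genuine finding. Keeping the accepted-risk list as explicit IDs passed on the command line, rather than a blanket severity threshold, leaves an auditable record of every exception in the pipeline definition.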
Development
Running Tests
cd dtrack-mcp-server
python -m pytest tests/
Building
cd dtrack-mcp-server
python -m build
Authentication
The server authenticates to DependencyTrack with the credentials from DTRACK_USERNAME and DTRACK_PASSWORD (Basic Authentication). Use a dedicated account for the pipeline and grant it only what these read-only tools need; in DependencyTrack's permission model that is:
- View projects (VIEW_PORTFOLIO)
- View vulnerabilities (VIEW_VULNERABILITY)
No write permissions (project management, policy management, BOM upload) are required. DTRACK_BASE_URL must be reachable from the host running the MCP server; in a split deployment that is the API server, not the frontend.
Error Handling
The server includes comprehensive error handling:
- Connection errors to DependencyTrack
- Authentication failures
- Missing environment variables
- API request failures
- Invalid project/vulnerability UUIDs
All errors are logged and returned as structured responses to the AI assistant.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Download files
Source Distribution: mareana_dtrack_mcp_server-0.1.0.tar.gz
Built Distribution: mareana_dtrack_mcp_server-0.1.0-py3-none-any.whl
File details
Details for the file mareana_dtrack_mcp_server-0.1.0.tar.gz.
File metadata
- Download URL: mareana_dtrack_mcp_server-0.1.0.tar.gz
- Upload date:
- Size: 10.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 091421443ea0c8bb4d19a98c7673fd3340ea9752ebfa4c85062e8a29bc5cf183 |
| MD5 | 2230f2ef0b2dfe244ff5c37ecf4d1419 |
| BLAKE2b-256 | 2305ad3ffe3b9dfe7e32914c8950b9dabf6343519d14a106a39323961cee8e6d |
File details
Details for the file mareana_dtrack_mcp_server-0.1.0-py3-none-any.whl.
File metadata
- Download URL: mareana_dtrack_mcp_server-0.1.0-py3-none-any.whl
- Upload date:
- Size: 9.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.5
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d29cd24f99dd66f0c370d027ce28ed449af252b739a9a70b601dd39a49443fd8 |
| MD5 | ee47712f30f4f1d30d6b73e004ee487b |
| BLAKE2b-256 | ad2f54a24345fce51186be525cbaf6dc91cf6f731aa242fc4d2f75a5c88f8b37 |