DevGuard MCP Server
The DevGuard MCP Server is a Model Context Protocol (MCP) server that connects any MCP-compatible AI assistants directly to the DevGuard security platform. It lets your AI assistant scan repositories for vulnerabilities, manage security findings, and triage risks without leaving the chat.
What it can do
| Capability | Details |
|---|---|
| Browse your workspace | List organizations, projects, and assets in DevGuard |
| Run security scans | Dependency (SCA), secrets, SAST, IaC, and container image scans |
| Upload documents | SBOM, SARIF, and VEX files |
| Manage findings | List and assess vulnerabilities with CVE/CVSS/EPSS data |
| Triage risks | Accept risks or mark findings as false positives with justification |
Requirements
- A DevGuard account
- A Personal Access Token (PAT) — see Personal Access Tokens for how to create one
- Any MCP-compatible AI client: Claude Desktop, Claude Code (VS Code), Cursor, GitHub Copilot, Windsurf, or similar
Installation
Download the latest binary for your platform from the Releases page:
| Platform | File |
|---|---|
| Linux amd64 | devguard-mcp-linux-amd64 |
| Linux arm64 | devguard-mcp-linux-arm64 |
| macOS amd64 | devguard-mcp-darwin-amd64 |
| macOS arm64 | devguard-mcp-darwin-arm64 |
| Windows amd64 | devguard-mcp-windows-amd64.exe |
| Windows arm64 | devguard-mcp-windows-arm64.exe |
Make the binary executable on Linux and macOS:
Build from source
Configuration
The server is configured via environment variables:
| Variable | Required | Default | Description |
|---|---|---|---|
DEVGUARD_PAT | Yes | — | Your DevGuard Personal Access Token |
DEVGUARD_API_URL | No | https://api.devguard.org/api/v1 | Custom API URL for self-hosted instances |
You can pass these as environment variables directly in your client config.
Setup
Claude Desktop
Add the following to your Claude Desktop config file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
For a self-hosted DevGuard instance, also add DEVGUARD_API_URL:
Restart Claude Desktop — the DevGuard tools will be available in your next conversation.
Related
- Personal Access Tokens — how to create and manage PATs
- GitHub Discussion — share feedback on the MCP server
- Installation — how to install DevGuard