cycode-cli

What is this MCP

This MCP exposes Cycode's security scanning capabilities through the Model Context Protocol (MCP), enabling AI assistants to perform security scans for secrets, infrastructure as code misconfigurations, software composition analysis vulnerabilities, and static application security testing issues. The MCP server provides tools that AI systems can use to integrate security scanning directly into their workflows.

How to use this MCP

To use this MCP, first install the Cycode CLI globally via pip install cycode or brew install cycode, then authenticate with cycode auth. Start the MCP server with cycode mcp and configure it in your AI client (like VS Code/Cursor, Claude Desktop) by adding the server configuration to your mcp.json file. The MCP supports three transport types: stdio (default for local integrations), SSE, and streamable HTTP.

What this MCP can be used for

This MCP enables AI assistants to perform comprehensive security scanning during development workflows, including detecting hardcoded secrets in code, identifying vulnerable dependencies in package files, finding infrastructure misconfigurations in Terraform/CloudFormation files, and discovering code quality and security flaws through static analysis. It's particularly useful for AI-assisted code review, automated security checks in development environments, and proactive security scanning during AI-powered code generation and refactoring.