DefectDojo FAQs

Question 1

How does the DefectDojo MCP server enable security automation?

Accepted Answer

By providing a standardized MCP interface to DefectDojo, this tool allows AI agents to automatically retrieve vulnerability data, update finding statuses, add contextual notes, and create reports, significantly streamlining security workflows.

Question 2

What environment variables are needed to run the server?

Accepted Answer

You need `DEFECTDOJO_API_TOKEN` (your DefectDojo API token) and `DEFECTDOJO_API_BASE` (the base URL of your DefectDojo instance).

Question 3

What is the DefectDojo MCP Server?

Accepted Answer

It's a Model Context Protocol server that allows AI agents and other MCP clients to interact with the DefectDojo API. This enables AI-powered security workflows by providing programmatic access to DefectDojo entities like findings and engagements.

Question 4

What can I do with this MCP server?

Accepted Answer

You can fetch, search, create, and update findings; manage engagement status; add notes to findings; list and retrieve product details; and perform various other operations, all through an AI agent or MCP client.

Question 5

What type of entities can I manage with this tool?

Accepted Answer

You can manage Findings, Products, and Engagements. You can fetch, search, create, update, and delete these entities using the available MCP tools.

DefectDojo

About

Key Features

Use Cases