-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathregistry.yml
More file actions
110 lines (96 loc) · 3.6 KB
/
Copy pathregistry.yml
File metadata and controls
110 lines (96 loc) · 3.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# SecKit MCP server registry
#
# Two packs: `security` (scanners + advisory data) and `enterprise` (platforms
# you operate inside). Entries are merged into the active client's MCP config
# by `seckit mcp install`. Required env vars are listed but never written -
# the user supplies them out of band.
#
# Schema per entry:
# id short slug used on the CLI
# pack security | enterprise
# description what the AI gets when this server is installed
# transport stdio | http
# command argv for stdio servers
# url endpoint for http servers
# env list of required environment variable names (documented only)
# docs upstream URL
servers:
# ---------- Security pack -----------------------------------------------
- id: semgrep
pack: security
description: Run Semgrep scans, fetch rule packs, triage findings.
transport: stdio
command: [uvx, semgrep-mcp]
env: []
docs: https://github.com/semgrep/mcp
- id: snyk
pack: security
description: Query Snyk for SCA, code, and container findings.
transport: stdio
command: [npx, -y, snyk-mcp]
env: [SNYK_TOKEN]
docs: https://docs.snyk.io/integrations/snyk-mcp-server
- id: osv
pack: security
description: Query the OSV vulnerability database by package and version.
transport: stdio
command: [npx, -y, osv-mcp]
env: []
docs: https://osv.dev
- id: trivy
pack: security
description: Scan images, filesystems, and IaC with Trivy.
transport: stdio
command: [npx, -y, trivy-mcp]
env: []
docs: https://github.com/aquasecurity/trivy
- id: scorecard
pack: security
description: Run OpenSSF Scorecard against a GitHub repo.
transport: stdio
command: [npx, -y, scorecard-mcp]
env: [GITHUB_TOKEN]
docs: https://securityscorecards.dev
# ---------- Enterprise pack ---------------------------------------------
- id: github
pack: enterprise
description: Read/write GitHub repos, issues, PRs, Actions, security alerts.
transport: stdio
command: [docker, run, -i, --rm, "-e", "GITHUB_PERSONAL_ACCESS_TOKEN", "ghcr.io/github/github-mcp-server"]
env: [GITHUB_PERSONAL_ACCESS_TOKEN]
docs: https://github.com/github/github-mcp-server
- id: ado
pack: enterprise
description: Read/write Azure DevOps work items, repos, pipelines, test plans.
transport: stdio
command: [npx, -y, "@azure-devops/mcp"]
env: [AZURE_DEVOPS_EXT_PAT, AZURE_DEVOPS_ORG]
docs: https://github.com/microsoft/azure-devops-mcp
- id: atlassian
pack: enterprise
description: Read/write Confluence pages and Jira issues.
transport: stdio
command: [npx, -y, "@atlassian/mcp"]
env: [ATLASSIAN_API_TOKEN, ATLASSIAN_SITE_URL, ATLASSIAN_USER_EMAIL]
docs: https://www.atlassian.com/blog/announcements/remote-mcp-server
- id: microsoft-learn
pack: enterprise
description: Search and fetch Microsoft Learn documentation.
transport: http
url: https://learn.microsoft.com/api/mcp
env: []
docs: https://learn.microsoft.com/en-us/training/support/mcp
- id: terraform
pack: enterprise
description: Search Terraform registry, fetch module/provider docs and policies.
transport: stdio
command: [npx, -y, "@hashicorp/terraform-mcp-server"]
env: []
docs: https://github.com/hashicorp/terraform-mcp-server
- id: foundry
pack: enterprise
description: Deploy and evaluate Microsoft Foundry agents and models.
transport: stdio
command: [npx, -y, "@microsoft/foundry-mcp"]
env: [AZURE_SUBSCRIPTION_ID]
docs: https://learn.microsoft.com/en-us/azure/ai-foundry/