⭐ DevOps Shield MCP Server

The MCP (Model Context Protocol) server for DevOps Shield, enabling AI agents like GitHub Copilot, Claude, and ChatGPT to interact with your DevSecOps compliance data.

📺 Overview

The DevOps Shield MCP Server brings compliance scanning and policy management context to your AI agents. Try prompts like:

- "List all my security assessments"
- "Run a compliance scan on my Azure DevOps organization"
- "What are the critical violations in my latest assessment?"
- "Show me all policies related to repository security"
- "Get a compliance summary for my tenant"
- "Set up a new tenant for my organization"

🔧 Supported Tools

$3

| Tool | Description |
|------|-------------|
| dos_assessment_list | List all security assessments |
| dos_assessment_get | Get detailed assessment information |
| dos_assessment_run | Trigger a new compliance scan |
| dos_assessment_status | Check assessment progress |
| dos_assessment_export | Export results in SARIF/JSON format |

$3

| Tool | Description |
|------|-------------|
| dos_policy_list | List available policy definitions |
| dos_policy_get | Get policy details |
| dos_initiative_list | List policy initiatives |
| dos_initiative_get | Get initiative details |

$3

| Tool | Description |
|------|-------------|
| dos_compliance_summary | Get compliance overview with scores |
| dos_compliance_violations | List active violations |

$3

| Tool | Description |
|------|-------------|
| dos_tenant_list | List all tenants |
| dos_tenant_get | Get tenant details |
| dos_organization_list | List organizations |

$3

| Tool | Description |
|------|-------------|
| dos_setup | Set up a new tenant and organization |
| dos_setup_validate | Validate PAT token before setup |

🔌 Installation & Getting Started

$3

1. Install Node.js 20+
2. Have DevOps Shield API running (default: http://localhost:5000)

$3

1. Create a .vscode/mcp.json file in your project:

``

json

{

  "inputs": [

    {

      "id": "dos_endpoint",

      "type": "promptString",

      "description": "DevOps Shield API endpoint URL",

      "default": "http://localhost:5000"

    }

  ],

  "servers": {

    "devopsshield": {

      "type": "stdio",

      "command": "npx",

      "args": ["-y", "@devopsshield/mcp", "--endpoint", "${input:dos_endpoint}"]

    }

  }

}





2. Open VS Code and switch to Agent Mode in GitHub Copilot Chat

3. Click "Select Tools" and enable the DevOps Shield tools

4. Start chatting! Try "List my assessments"



$3



Add to your

claude_desktop_config.json

json

{

  "mcpServers": {

    "devopsshield": {

      "command": "npx",

      "args": ["-y", "@devopsshield/mcp"],

      "env": {

        "DOS_API_ENDPOINT": "http://localhost:5000",

        "DOS_API_KEY": "your-api-key-if-required"

      }

    }

  }

}

$3

bash

npx @devopsshield/mcp [options]



Options:

  --endpoint, -e     DevOps Shield API endpoint URL (default: http://localhost:5000)

  --api-key, -k      API key for authentication (default: from DOS_API_KEY env var)

  --domains, -d      Domains to enable: 'all' or specific domains (default: all)

  --version          Show version number

  --help             Show help





$3



To load only specific tool groups, use the

-d

 flag:

json

{

  "servers": {

    "devopsshield": {

      "type": "stdio",

      "command": "npx",

      "args": ["-y", "@devopsshield/mcp", "-d", "assessments", "policies"]

    }

  }

}





Available domains:

assessments, policies, compliance, tenants, setup





🔐 Security



- API Key: Optionally pass via

--api-key or DOS_API_KEY

 environment variable

- PAT Tokens: Only used during setup, never exposed through MCP

- Audit Logging: All tool invocations are logged by the DevOps Shield API

- Tenant Isolation: Results are scoped to the authenticated context



🎩 Examples



$3



You: "Run a compliance scan on my Azure DevOps organization 'contoso'"



AI: Uses

dos_assessment_run

 tool with organizationName='contoso' → Returns assessment ID and tracking info



$3



You: "What's the status of assessment abc-123?"



AI: Uses

dos_assessment_status

 with assessmentId='abc-123' → Returns progress bar and status



$3



You: "Show me all critical security violations"



AI: Uses

dos_compliance_violations

 with severity='Critical' → Returns formatted list with remediation guidance



$3



You: "What policies are available for Azure DevOps repositories?"



AI: Uses

dos_policy_list

 with enterpriseType='AzureDevOps' and category='Repository' → Returns categorized policy list



🛠️ Development



$3

bash

cd src/Cad4DevOps.MCP

npm install

npm run build

$3

bash

npm start -- --endpoint http://localhost:5000

$3

bash

npm run inspect -- http://localhost:5000

📄 Related Documentation

- MCP Protocol Specification
- DevOps Shield Website

📌 Contributing

We welcome contributions! Please see the main repository's CONTRIBUTING.md for guidelines.

License

Licensed under the MIT License.