VibeSafe DevSecOps MCP is Here!
By Justin Mendez on 5/10/2025
VibeSafe DevSecOps MCP Server: Supercharging Your AI Coding Workflow!
The future of development is here, and it's increasingly powered by AI. Tools like Cursor and AI agents are revolutionizing how we build, iterate, and ship software. But with great speed comes great responsibility, especially when it comes to security. That's why we're incredibly excited to announce the launch of the VibeSafe MCP Server – a crucial new addition to the VibeSafe Open Source Stack!
This server is designed to bridge the gap between AI-driven development and robust application security, allowing you to embed VibeSafe's powerful scanning capabilities directly into your favorite LLM-powered IDEs.
What is the VibeSafe MCP Server?
MCP stands for Model Context Protocol. It's a standardized way for Large Language Models (LLMs) and AI agents to interact with external tools and services. The VibeSafe MCP Server leverages this protocol to expose our comprehensive suite of security tools as callable functions that your AI assistant can invoke – either automatically as it generates code or at your explicit direction.
Imagine your AI coding partner not just writing code, but also proactively checking for security vulnerabilities in real-time, thanks to VibeSafe. That's the power the MCP server unlocks!
✨ Features: Your AI's New Security Superpowers
The VibeSafe MCP Server brings our trusted security scans directly into your AI-native development environment. Each tool can be triggered by an LLM agent or even run manually if you prefer:
- 🔐 secret-scan: Say goodbye to accidental secret exposures! Detects hardcoded secrets like AWS keys, JWTs, SSH keys, and pesky .env file leaks before they become a headline.
- 🛡️ secure-install: Installing npm packages? This tool helps prevent slopsquatting and typosquatting attacks by analyzing packages before they're installed, keeping your supply chain secure.
- 📦 vuln-scan: Automatically checks your project's dependencies against the comprehensive OSV.dev vulnerability database for known CVEs.
- ⚙️ config-scan: Hunts down insecure configurations in your JSON and YAML files, such as DEBUG=true flags or overly permissive CORS settings.
- 🌐 http-timeout-scan: Missing timeouts can lead to denial-of-service vulnerabilities. This scan warns you when HTTP clients like axios, fetch, and got are missing crucial timeout configurations.
- 📤 upload-scan: Validates file upload handlers (using libraries like Multer, Formidable, etc.) for essential size and type checks, preventing common upload-related vulnerabilities.
- 🔎 endpoint-scan: Keeps an eye on potentially exposed routes like /admin, /debug, or /metrics that could offer an unintended window into your application.
- 🚫 rate-limit-check: Heuristically checks your API routes for missing rate limits, a critical defense against abuse and brute-force attacks.
- 🪵 logging-scan: Helps you avoid improper or overly sensitive logging, such as accidentally logging full error stacks or user credentials.
⚙️ Getting Started: Integrate in Minutes
Setting up the VibeSafe MCP Server is straightforward:
- Clone the repository:
git clone https://github.com/slowcoder360/vibeSafe-mcp.git
- Navigate into the directory:
cd vibeSafe-mcp
- Install dependencies:
npm install
▶️ Run Locally
To run the server using standard I/O (which MCP clients typically use):
npm run start
🧠 AI IDE Support: Cursor & Beyond!
This server is built to work with any IDE or client that supports the Model Context Protocol.
For Cursor Users:
To integrate with Cursor, add the following configuration to your .cursor/config.json file. Remember to replace /absolute/path/to/vibeSafe-mcp with the actual absolute path to where you cloned the repository.
{
  "mcpServers": {
    "vibesafe": {
      "command": "npm",
      "args": ["run", "start"],
      "cwd": "/absolute/path/to/vibeSafe-mcp"
    }
  }
}
With this setup, Cursor can now leverage VibeSafe's tools!
We're excited to see support for MCP grow in tools like Claude Desktop (Anthropic) and other open-source LLM agents.
📦 Part of the VibeSafe OSS Stack
The VibeSafe MCP Server is a proud member of the VibeSafe open-source devtool family, dedicated to promoting AI-safe coding and automating security analysis. Our stack also includes:
- vibesafe (npm CLI): The core command-line tool for versatile security scanning.
- vibesafe-py (Python CLI): Bringing VibeSafe's power to Python projects.
- VS Code extension (Coming Soon!): Deeper IDE integration for even more developers.
🤝 Join Us in Building a Secure Future!
We believe that security should be an integral, effortless part of modern development, not an afterthought. The VibeSafe MCP Server is a significant step towards that vision, empowering developers and their AI assistants to build more securely from the get-go.
Your contributions make VibeSafe better!
- Try it out! Clone the VibeSafe MCP Server repository, integrate it, and let us know what you think.
- Found a bug or have an idea? Please open an issue.
- Want to add a new scan or improve an existing one? We welcome pull requests!
Let's ship fast and stay safe, together!