Other CI Systems
This guide shows how to integrate MCP Security Score into various CI/CD systems using the API.
Generic Integration
All CI systems can integrate with MCP Security Score using curl. The pattern is:
- Store API key as a secret/variable
- Create a scan via POST request
- Poll for completion
- Check score against threshold
- Pass or fail the build
Jenkins
Jenkinsfile (Declarative)
pipeline {
agent any
environment {
MCP_SCANNER_API_KEY = credentials('mcp-scanner-api-key')
SCORE_THRESHOLD = '70'
}
stages {
stage('Security Scan') {
steps {
script {
def repoUrl = env.GIT_URL ?: "https://github.com/owner/repo"
// Create scan
def scanResponse = sh(
script: """
curl -sf -X POST "https://mcpscanner.com/api/v1/scan" \
-H "Authorization: Bearer ${MCP_SCANNER_API_KEY}" \
-H "Content-Type: application/json" \
-d '{"url": "${repoUrl}"}'
""",
returnStdout: true
).trim()
def scanId = readJSON(text: scanResponse).id
echo "Scan ID: ${scanId}"
// Poll for completion
def result
for (int i = 0; i < 24; i++) {
result = sh(
script: """
curl -sf "https://mcpscanner.com/api/v1/scan/${scanId}" \
-H "Authorization: Bearer ${MCP_SCANNER_API_KEY}"
""",
returnStdout: true
).trim()
def status = readJSON(text: result).status
echo "Status: ${status}"
if (status == 'complete') {
break
} else if (status == 'failed') {
error("Scan failed!")
}
sleep(5)
}
// Check results
def resultJson = readJSON(text: result)
def score = resultJson.score
def grade = resultJson.grade
echo "Score: ${score} (${grade})"
if (score < SCORE_THRESHOLD.toInteger()) {
error("Security score ${score} is below threshold ${SCORE_THRESHOLD}")
}
echo "Security check passed!"
}
}
}
}
}Setup in Jenkins
- Go to Manage Jenkins → Credentials
- Add a Secret text credential
- ID:
mcp-scanner-api-key - Secret: Your API key
CircleCI
.circleci/config.yml
version: 2.1
jobs:
security-scan:
docker:
- image: cimg/base:stable
steps:
- run:
name: MCP Security Scan
command: |
set -e
REPO_URL="${CIRCLE_REPOSITORY_URL}"
THRESHOLD=70
echo "Scanning $REPO_URL..."
# Create scan
SCAN_RESPONSE=$(curl -sf -X POST "https://mcpscanner.com/api/v1/scan" \
-H "Authorization: Bearer $MCP_SCANNER_API_KEY" \
-H "Content-Type: application/json" \
-d "{\"url\": \"$REPO_URL\"}")
SCAN_ID=$(echo "$SCAN_RESPONSE" | jq -r '.id')
echo "Scan ID: $SCAN_ID"
# Poll for completion
for i in {1..24}; do
RESULT=$(curl -sf "https://mcpscanner.com/api/v1/scan/$SCAN_ID" \
-H "Authorization: Bearer $MCP_SCANNER_API_KEY")
STATUS=$(echo "$RESULT" | jq -r '.status')
echo "Status: $STATUS"
if [ "$STATUS" = "complete" ]; then
break
elif [ "$STATUS" = "failed" ]; then
echo "Scan failed!"
exit 1
fi
sleep 5
done
# Check results
SCORE=$(echo "$RESULT" | jq -r '.score')
GRADE=$(echo "$RESULT" | jq -r '.grade')
echo "Score: $SCORE ($GRADE)"
if [ "$SCORE" -lt "$THRESHOLD" ]; then
echo "Score $SCORE is below threshold $THRESHOLD"
exit 1
fi
echo "Security check passed!"
workflows:
security:
jobs:
- security-scan:
context: mcp-scannerSetup in CircleCI
- Go to Project Settings → Environment Variables
- Add
MCP_SCANNER_API_KEYwith your API key - Or create a Context for organization-wide use
Azure DevOps
azure-pipelines.yml
trigger:
- main
pool:
vmImage: 'ubuntu-latest'
variables:
SCORE_THRESHOLD: 70
stages:
- stage: Security
jobs:
- job: MCPScan
steps:
- task: Bash@3
displayName: 'MCP Security Scan'
env:
MCP_SCANNER_API_KEY: $(MCP_SCANNER_API_KEY)
inputs:
targetType: 'inline'
script: |
set -e
REPO_URL="$(Build.Repository.Uri)"
echo "Scanning $REPO_URL..."
# Create scan
SCAN_RESPONSE=$(curl -sf -X POST "https://mcpscanner.com/api/v1/scan" \
-H "Authorization: Bearer $MCP_SCANNER_API_KEY" \
-H "Content-Type: application/json" \
-d "{\"url\": \"$REPO_URL\"}")
SCAN_ID=$(echo "$SCAN_RESPONSE" | jq -r '.id')
echo "Scan ID: $SCAN_ID"
# Poll for completion
for i in {1..24}; do
RESULT=$(curl -sf "https://mcpscanner.com/api/v1/scan/$SCAN_ID" \
-H "Authorization: Bearer $MCP_SCANNER_API_KEY")
STATUS=$(echo "$RESULT" | jq -r '.status')
echo "Status: $STATUS"
if [ "$STATUS" = "complete" ]; then
break
elif [ "$STATUS" = "failed" ]; then
echo "Scan failed!"
exit 1
fi
sleep 5
done
# Check results
SCORE=$(echo "$RESULT" | jq -r '.score')
GRADE=$(echo "$RESULT" | jq -r '.grade')
echo "##vso[task.setvariable variable=securityScore]$SCORE"
echo "##vso[task.setvariable variable=securityGrade]$GRADE"
echo "Score: $SCORE ($GRADE)"
if [ "$SCORE" -lt "$(SCORE_THRESHOLD)" ]; then
echo "##vso[task.logissue type=error]Score $SCORE is below threshold $(SCORE_THRESHOLD)"
exit 1
fi
echo "Security check passed!"Setup in Azure DevOps
- Go to Pipelines → Library → Variable Groups
- Create a new variable group
- Add
MCP_SCANNER_API_KEYas a secret variable - Link the variable group to your pipeline
Bitbucket Pipelines
bitbucket-pipelines.yml
image: alpine:latest
pipelines:
default:
- step:
name: Security Scan
script:
- apk add --no-cache curl jq
- |
set -e
REPO_URL="https://bitbucket.org/${BITBUCKET_WORKSPACE}/${BITBUCKET_REPO_SLUG}"
THRESHOLD=70
# Create scan
SCAN_RESPONSE=$(curl -sf -X POST "https://mcpscanner.com/api/v1/scan" \
-H "Authorization: Bearer $MCP_SCANNER_API_KEY" \
-H "Content-Type: application/json" \
-d "{\"url\": \"$REPO_URL\"}")
SCAN_ID=$(echo "$SCAN_RESPONSE" | jq -r '.id')
echo "Scan ID: $SCAN_ID"
# Poll for completion
for i in $(seq 1 24); do
RESULT=$(curl -sf "https://mcpscanner.com/api/v1/scan/$SCAN_ID" \
-H "Authorization: Bearer $MCP_SCANNER_API_KEY")
STATUS=$(echo "$RESULT" | jq -r '.status')
echo "Status: $STATUS"
if [ "$STATUS" = "complete" ]; then
break
elif [ "$STATUS" = "failed" ]; then
echo "Scan failed!"
exit 1
fi
sleep 5
done
# Check results
SCORE=$(echo "$RESULT" | jq -r '.score')
GRADE=$(echo "$RESULT" | jq -r '.grade')
echo "Score: $SCORE ($GRADE)"
if [ "$SCORE" -lt "$THRESHOLD" ]; then
echo "Score $SCORE is below threshold $THRESHOLD"
exit 1
fi
echo "Security check passed!"
pull-requests:
'**':
- step:
name: PR Security Scan
script:
# Same as aboveSetup in Bitbucket
- Go to Repository Settings → Pipelines → Repository variables
- Add
MCP_SCANNER_API_KEY - Check "Secured" to hide the value
Drone CI
.drone.yml
kind: pipeline
type: docker
name: security
steps:
- name: mcp-scan
image: alpine:latest
environment:
MCP_SCANNER_API_KEY:
from_secret: mcp_scanner_api_key
commands:
- apk add --no-cache curl jq
- |
set -e
REPO_URL="${DRONE_REPO_LINK}"
THRESHOLD=70
# Create scan
SCAN_RESPONSE=$(curl -sf -X POST "https://mcpscanner.com/api/v1/scan" \
-H "Authorization: Bearer $MCP_SCANNER_API_KEY" \
-H "Content-Type: application/json" \
-d "{\"url\": \"$REPO_URL\"}")
SCAN_ID=$(echo "$SCAN_RESPONSE" | jq -r '.id')
# Poll and check...
# (same pattern as other examples)
trigger:
branch:
- main
event:
- push
- pull_requestGeneric Shell Script
For any CI system, you can use this standalone script:
#!/bin/bash
set -e
# Configuration
API_KEY="${MCP_SCANNER_API_KEY}"
REPO_URL="${REPO_URL:-https://github.com/owner/repo}"
THRESHOLD="${SCORE_THRESHOLD:-70}"
if [ -z "$API_KEY" ]; then
echo "Error: MCP_SCANNER_API_KEY not set"
exit 1
fi
echo "=== MCP Security Score Security Check ==="
echo "Repository: $REPO_URL"
echo "Threshold: $THRESHOLD"
echo ""
# Create scan
echo "Creating scan..."
SCAN_RESPONSE=$(curl -sf -X POST "https://mcpscanner.com/api/v1/scan" \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-d "{\"url\": \"$REPO_URL\"}")
SCAN_ID=$(echo "$SCAN_RESPONSE" | jq -r '.id')
echo "Scan ID: $SCAN_ID"
# Poll for completion
echo "Waiting for scan to complete..."
for i in {1..24}; do
RESULT=$(curl -sf "https://mcpscanner.com/api/v1/scan/$SCAN_ID" \
-H "Authorization: Bearer $API_KEY")
STATUS=$(echo "$RESULT" | jq -r '.status')
if [ "$STATUS" = "complete" ]; then
break
elif [ "$STATUS" = "failed" ]; then
echo "Scan failed!"
exit 1
fi
echo " Status: $STATUS"
sleep 5
done
# Extract results
SCORE=$(echo "$RESULT" | jq -r '.score')
GRADE=$(echo "$RESULT" | jq -r '.grade')
FINDINGS=$(echo "$RESULT" | jq -r '.findings | length')
CRITICAL=$(echo "$RESULT" | jq '[.findings[] | select(.severity == "critical")] | length')
HIGH=$(echo "$RESULT" | jq '[.findings[] | select(.severity == "high")] | length')
# Display results
echo ""
echo "=== Results ==="
echo "Score: $SCORE ($GRADE)"
echo "Total Findings: $FINDINGS"
echo " Critical: $CRITICAL"
echo " High: $HIGH"
echo ""
echo "Report: https://mcpscanner.com/dashboard/scan/$SCAN_ID"
echo ""
# Check threshold
if [ "$SCORE" -lt "$THRESHOLD" ]; then
echo "FAILED: Score $SCORE is below threshold $THRESHOLD"
exit 1
fi
echo "PASSED: Security check successful"
exit 0Save this as mcp-scan.sh and call it from any CI system.
Next Steps
- API Examples - More code samples
- Rate Limits - Handling limits
- Troubleshooting - Common issues