MCP Command [EXPERIMENT]
WARNING
The MCP command is available only for Python 3.10 and above. If you're using an earlier Python version, this command will not be available.
The Model Context Protocol (MCP) command allows you to start an MCP server that exposes Cycode's scanning capabilities to AI systems and applications. This enables AI models to interact with Cycode CLI tools via a standardized protocol.
TIP
For the best experience, install Cycode CLI globally on your system using pip install cycode or brew install cycode, then authenticate once with cycode auth. After global installation and authentication, you won't need to configure CYCODE_CLIENT_ID and CYCODE_CLIENT_SECRET environment variables in your MCP configuration files.
Starting the MCP Server
To start the MCP server, use the following command:
cycode mcp
By default, this starts the server using the stdio transport, which is suitable for local integrations and AI applications that can spawn subprocesses.
Available Options
| Option | Description |
|---|---|
| -t, --transport | Transport type for the MCP server: stdio, sse, or streamable-http (default: stdio) |
| -H, --host | Host address to bind the server (used only for non stdio transport) (default: 127.0.0.1) |
| -p, --port | Port number to bind the server (used only for non stdio transport) (default: 8000) |
| --help | Show help message and available options |
MCP Tools
The MCP server provides the following tools that AI systems can use:
| Tool Name | Description |
|---|---|
| cycode_secret_scan | Scan files for hardcoded secrets |
| cycode_sca_scan | Scan files for Software Composition Analysis (SCA) - vulnerabilities and license issues |
| cycode_iac_scan | Scan files for Infrastructure as Code (IaC) misconfigurations |
| cycode_sast_scan | Scan files for Static Application Security Testing (SAST) - code quality and security flaws |
| cycode_status | Get Cycode CLI version, authentication status, and configuration information |
Usage Examples
Configuration Examples
Using MCP with Cursor/VS Code/Claude Desktop/etc (mcp.json)
NOTE
For EU Cycode environments, make sure to set the appropriate CYCODE_API_URL and CYCODE_APP_URL values in the environment variables (e.g., https://api.eu.cycode.com and https://app.eu.cycode.com).
Follow this guide to configure the MCP server in your VS Code/GitHub Copilot. Keep in mind that in settings.json, there is an mcp object containing a nested servers sub-object, rather than a standalone mcpServers object.
For stdio transport with uvx installation:
{
  "mcpServers": {
    "cycode": {
      "command": "uvx",
      "args": ["cycode", "mcp"],
      "env": {
        "CYCODE_CLIENT_ID": "your-cycode-id",
        "CYCODE_CLIENT_SECRET": "your-cycode-secret-key",
        "CYCODE_API_URL": "https://api.cycode.com",
        "CYCODE_APP_URL": "https://app.cycode.com"
      }
    }
  }
}
NOTE
The MCP server requires proper Cycode CLI authentication to function. Make sure you have authenticated using cycode auth or configured your credentials before starting the MCP server.
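An added example (not part of the Cycode documentation or CLI): a Python check that reviews an MCP client configuration like the one above for the settings this page describes, namely credentials placed in env instead of relying on cycode auth, the CYCODE_API_URL and CYCODE_APP_URL values, and a non-stdio transport bound away from the default 127.0.0.1. The function names, the sample config and the rule that Cycode endpoints are https hosts under cycode.com are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

CREDENTIAL_KEYS = ("CYCODE_CLIENT_ID", "CYCODE_CLIENT_SECRET")
URL_KEYS = ("CYCODE_API_URL", "CYCODE_APP_URL")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def option_value(args, short, long):
    """Value of an option given as '-x v', '--xx v' or '--xx=v'; None if absent."""
    for i, arg in enumerate(args):
        if arg in (short, long) and i + 1 < len(args):
            return args[i + 1]
        if arg.startswith(long + "="):
            return arg.split("=", 1)[1]
    return None

def audit_mcp_config(text):
    """Return review findings for every server entry that launches `cycode mcp`."""
    config = json.loads(text)
    # mcp.json uses "mcpServers"; VS Code settings.json nests "mcp" -> "servers".
    servers = config.get("mcpServers") or config.get("mcp", {}).get("servers", {})
    findings = []
    for name, server in servers.items():
        args = server.get("args", [])
        if "cycode" not in (server.get("command"), *args) or "mcp" not in args:
            continue  # not a Cycode MCP entry
        env = server.get("env", {})
        for key in CREDENTIAL_KEYS:
            if env.get(key):
                findings.append(f"{name}: {key} is stored in the config file")
        for key in URL_KEYS:
            url = urlparse(env.get(key, ""))
            # Assumption: Cycode endpoints are https hosts under cycode.com.
            trusted = url.scheme == "https" and (url.hostname or "").endswith(".cycode.com")
            if key in env and not trusted:
                findings.append(f"{name}: {key} points at {url.scheme}://{url.hostname}")
        transport = option_value(args, "-t", "--transport") or "stdio"
        host = option_value(args, "-H", "--host") or "127.0.0.1"
        if transport != "stdio" and host not in LOOPBACK:
            findings.append(f"{name}: {transport} transport binds {host}, not loopback")
    return findings

# Constructed sample: credentials inline, EU API URL, SSE bound to all interfaces.
SAMPLE = json.dumps({"mcpServers": {"cycode": {
    "command": "uvx",
    "args": ["cycode", "mcp", "-t", "sse", "-H", "0.0.0.0"],
    "env": {"CYCODE_CLIENT_ID": "constructed-id",
            "CYCODE_CLIENT_SECRET": "constructed-secret",
            "CYCODE_API_URL": "https://api.eu.cycode.com"}}}})
```

Calling audit_mcp_config(SAMPLE) returns three findings: both credential keys and the non-loopback bind. An entry that only runs cycode mcp over stdio with no env block returns none.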
Troubleshooting MCP
If you encounter issues with the MCP server, you can enable debug logging to get more detailed information about what's happening. There are two ways to enable debug logging:
- Using the -v or --verbose flag:
cycode -v mcp
- Using the CYCODE_CLI_VERBOSE environment variable:
CYCODE_CLI_VERBOSE=1 cycode mcp
The debug logs will show detailed information about:
- Server startup and configuration
- Connection attempts and status
- Tool execution and results
- Any errors or warnings that occur
This information can be helpful when:
- Diagnosing connection issues
- Understanding why certain tools aren't working
- Identifying authentication problems
- Debugging transport-specific issues