Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Black Duck Security Scanner

БесплатноНе проверен

AI-powered security scanning using Black Duck Signal for vulnerability detection.

GitHubEmbed

Описание

AI-powered security scanning using Black Duck Signal for vulnerability detection.

README

Black Duck MCP brings Signal's AI-powered security analysis directly into your development environment. It enables code scanning through leading coding assistants – including Claude, Gemini, Cursor, Copilot, and others – so you can detect security issues, receive actionable insights, and apply recommended fixes quickly and consistently.

Key Features & Benefits

  • Changes Scan:
    • Performs fast, incremental security scans focused only on the code changes introduced by the developer.
    • Ideal for early-stage detection of issues as code is written
  • File Scan:
    • Runs a targeted security analysis on specific files or directories.
    • Best suited for projects that do not use Git or for developers who want to analyze specific portions of the codebase
  • Cross-Platform Support:
    • Works on Windows, macOS, and Linux

Requirements

Getting started

Step 1: Add to your MCP client

Add the following configuration to your MCP client (using Claude user level config as example):

{
  "mcpServers": {
    "black-duck-signal": {
      "command": "npx",
      "args": ["-y", "@black-duck/mcp-server"],
      "env": {
        "BLACKDUCK_MCP_GATEWAY_KEY": "your-api-key-here"
      }
    }
  }
}

Step 2: Your first scan

Use one of following prompts in your MCP client to get you started:

Scan my code changes for security vulnerabilities

Your MCP client should execute a security scan and report any vulnerabilities found on the code changes made. Requires that the project is git based to determine what files have changed.

Scan the changed files with respect to the main branch

Your MCP client should execute a security scan taking into account only code changes in the current branch vs the main branch and report any vulnerabilities found on the code changes made. Requires that the project is git based to determine what files have changed.

Scan all files under folder foobar for security vulnerabilities

Your MCP client should execute a security scan and report any vulnerabilities found.

Tools

Tool Parameters Returns Best Use Cases
run_changes_security_scan projectPath (required): Absolute path to git project

gitPatchMode (required):
all-uncommitted: Scan staged + unstaged changes
reference-branch: Scan changes since branching

referenceBranch (optional): Reference branch name (e.g., main)

scanEntireFileContent (optional): When true, scans entire content of changed files instead of just changed lines. Default: false
sarifFilePath: Path to SARIF report
status: success or failure
resourceUris: MCP resource URIs
issueCounts: Counts by severity
analysisGuidance: Analysis steps
Faster: Analyzes only changed code
Focused: Shows issues from your changes
Iterative: Perfect for dev workflows & CI/CD
Efficient: Reduces scan cost and time
run_security_scan projectPath (required): Absolute path to project

filePaths (required): Array of file/directory absolute paths to scan
sarifFilePath: Path to SARIF report
status: success or failure
resourceUris: MCP resource URIs
issueCounts: Counts by severity
analysisGuidance: Analysis steps
• Analyzing specific files/directories
• Focused security review of critical paths
• Quick checks during development
• Non-git projects

Optional Configuration

The Black Duck Signal MCP server supports the following environment variables:

Variable Default Description
BLACKDUCK_MCP_GATEWAY_KEY None (required) API key for enhanced AI analysis
BLACKDUCK_HOME User's home directory Override the default .blackduck folder location
BLACKDUCK_MCP_TOOL_TIMEOUT 1800000 (30 min) Scan timeout in milliseconds
BLACKDUCK_MCP_LOG_LEVEL info Log level: error, warn, info, or debug

You can set these variables in your MCP client configuration:

{
  "mcpServers": {
    "black-duck": {
      "command": "npx",
      "args": ["-y", "@black-duck/mcp-server"],
      "env": {
        "BLACKDUCK_MCP_GATEWAY_KEY": "your-api-key-here",
        "BLACKDUCK_MCP_LOG_LEVEL": "debug"
      }
    }
  }
}

Logging and Troubleshooting

Log Location

All MCP logs are written to /Users/<username>/.blackduck/mcp/logs/ for linux/mac and C:\Users\<Username>\AppData\Roaming\BlackDuck\mcp\logs\ (customizable via BLACKDUCK_HOME):

  • black-duck-mcp.log - Combined log (all levels)
  • black-duck-mcp-error.log - Error-only log

IP Allowlist

The following URLs and IP addresses must be accessible for the MCP server to function properly:

URL IP Address
repo.blackduck.com 34.149.5.115
llm.core.blackduck.com 104.18.36.253

Ensure your firewall allows outbound HTTPS (port 443) connections to these endpoints

License

This project is licensed under the MIT License.

Resources

from github.com/blackducksoftware/mcp-server

Установить Black Duck Security Scanner в Claude Desktop, Claude Code, Cursor

Рекомендуется · одна команда, все IDE
unyly install black-duck-security-scanner

Ставит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.

Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh

Или настроить вручную

Выполни в терминале:

claude mcp add black-duck-security-scanner -- npx -y @black-duck/mcp-server

FAQ

Black Duck Security Scanner MCP бесплатный?

Да, Black Duck Security Scanner MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Black Duck Security Scanner?

Нет, Black Duck Security Scanner работает без API-ключей и переменных окружения.

Black Duck Security Scanner — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить Black Duck Security Scanner в Claude Desktop, Claude Code или Cursor?

Открой Black Duck Security Scanner на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Black Duck Security Scanner with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории ai