npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@devopsshield/mcp

v0.1.6

Published

MCP server for interacting with DevOps Shield - AI-powered DevSecOps compliance scanning

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

devopsshielddevopsshield

Keywords

Readme

⭐ DevOps Shield MCP Server

The MCP (Model Context Protocol) server for DevOps Shield, enabling AI agents like GitHub Copilot, Claude, and ChatGPT to interact with your DevSecOps compliance data.

📺 Overview

The DevOps Shield MCP Server brings compliance scanning and policy management context to your AI agents. Try prompts like:

  • "List all my security assessments"
  • "Run a compliance scan on my Azure DevOps organization"
  • "What are the critical violations in my latest assessment?"
  • "Show me all policies related to repository security"
  • "Get a compliance summary for my tenant"
  • "Set up a new tenant for my organization"

🔧 Supported Tools

Assessment Tools (Domain: assessments)

| Tool | Description | |------|-------------| | dos_assessment_list | List all security assessments | | dos_assessment_get | Get detailed assessment information | | dos_assessment_run | Trigger a new compliance scan | | dos_assessment_status | Check assessment progress | | dos_assessment_export | Export results in SARIF/JSON format |

Policy Tools (Domain: policies)

| Tool | Description | |------|-------------| | dos_policy_list | List available policy definitions | | dos_policy_get | Get policy details | | dos_initiative_list | List policy initiatives | | dos_initiative_get | Get initiative details |

Compliance Tools (Domain: compliance)

| Tool | Description | |------|-------------| | dos_compliance_summary | Get compliance overview with scores | | dos_compliance_violations | List active violations |

Tenant Tools (Domain: tenants)

| Tool | Description | |------|-------------| | dos_tenant_list | List all tenants | | dos_tenant_get | Get tenant details | | dos_organization_list | List organizations |

Setup Tools (Domain: setup)

| Tool | Description | |------|-------------| | dos_setup | Set up a new tenant and organization | | dos_setup_validate | Validate PAT token before setup |

🔌 Installation & Getting Started

Prerequisites

  1. Install Node.js 20+
  2. Have DevOps Shield API running (default: http://localhost:5000)

VS Code with GitHub Copilot

  1. Create a .vscode/mcp.json file in your project:
{
  "inputs": [
    {
      "id": "dos_endpoint",
      "type": "promptString",
      "description": "DevOps Shield API endpoint URL",
      "default": "http://localhost:5000"
    }
  ],
  "servers": {
    "devopsshield": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "@devopsshield/mcp", "--endpoint", "${input:dos_endpoint}"]
    }
  }
}
  1. Open VS Code and switch to Agent Mode in GitHub Copilot Chat
  2. Click "Select Tools" and enable the DevOps Shield tools
  3. Start chatting! Try "List my assessments"

Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "devopsshield": {
      "command": "npx",
      "args": ["-y", "@devopsshield/mcp"],
      "env": {
        "DOS_API_ENDPOINT": "http://localhost:5000",
        "DOS_API_KEY": "your-api-key-if-required"
      }
    }
  }
}

Command Line Options

npx @devopsshield/mcp [options]

Options:
  --endpoint, -e     DevOps Shield API endpoint URL (default: http://localhost:5000)
  --api-key, -k      API key for authentication (default: from DOS_API_KEY env var)
  --domains, -d      Domains to enable: 'all' or specific domains (default: all)
  --version          Show version number
  --help             Show help

Using Domains

To load only specific tool groups, use the -d flag:

{
  "servers": {
    "devopsshield": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "@devopsshield/mcp", "-d", "assessments", "policies"]
    }
  }
}

Available domains: assessments, policies, compliance, tenants, setup

🔐 Security

  • API Key: Optionally pass via --api-key or DOS_API_KEY environment variable
  • PAT Tokens: Only used during setup, never exposed through MCP
  • Audit Logging: All tool invocations are logged by the DevOps Shield API
  • Tenant Isolation: Results are scoped to the authenticated context

🎩 Examples

Run a compliance scan

You: "Run a compliance scan on my Azure DevOps organization 'contoso'"

AI: Uses dos_assessment_run tool with organizationName='contoso' → Returns assessment ID and tracking info

Check scan progress

You: "What's the status of assessment abc-123?"

AI: Uses dos_assessment_status with assessmentId='abc-123' → Returns progress bar and status

Review violations

You: "Show me all critical security violations"

AI: Uses dos_compliance_violations with severity='Critical' → Returns formatted list with remediation guidance

Policy exploration

You: "What policies are available for Azure DevOps repositories?"

AI: Uses dos_policy_list with enterpriseType='AzureDevOps' and category='Repository' → Returns categorized policy list

🛠️ Development

Building from Source

cd src/Cad4DevOps.MCP
npm install
npm run build

Running Locally

npm start -- --endpoint http://localhost:5000

Testing with MCP Inspector

npm run inspect -- http://localhost:5000

📄 Related Documentation

📌 Contributing

We welcome contributions! Please see the main repository's CONTRIBUTING.md for guidelines.

License

Licensed under the MIT License.