Coverity MCP Server

A Model Context Protocol (MCP) server for Synopsys Coverity static analysis. Enables Windsurf, Claude Desktop, and other MCP-compatible AI assistants to query Coverity defects, projects, streams, metrics, and trends directly from the IDE.

Tools

| Tool | Description | Inputs | |------|-------------|--------| | list_projects | List all Coverity projects | None | | get_project_streams | Get all streams for a project | projectId (string) | | list_defects | List defects for a project or stream | projectId (optional), streamId (optional), limit (default 50) | | get_defect_details | Get detailed info for a specific defect | defectId (string — the CID) | | get_snapshots | Get scan snapshots for a stream | streamId (string) | | get_defect_history | Get detection/triage history for a defect | defectId (string) | | update_defect_triage | Update triage status for defects | defectIds (string[]), classification (string), severity (optional), action (optional), comment (optional) | | get_checker_names | List all available Coverity checkers | None | | get_defect_statuses | List all Coverity defect statuses | None | | get_triage_stores | List all Coverity triage stores | None | | get_server_time | Get Coverity server time (connectivity check) | None | | get_version | Get Coverity server version | None | | get_trend_records | Get defect trends over time for a project | projectId (string), startDate (optional), endDate (optional) | | get_component_metrics | Get code metrics for a project | projectId (string), streamId (optional) |

Prerequisites

• Node.js 18 or higher
• VPN/network access to your Coverity server
• A valid Coverity username and password/token

Installation

Via npx (recommended)

{
  "mcpServers": {
    "coverity": {
      "command": "npx",
      "args": ["-y", "@jaydev1642/coverity-mcp"],
      "env": {
        "COVERITY_URL": "https://your-coverity-server:8443",
        "COVAUTHUSER": "your-username",
        "COVAUTHKEY": "your-password-or-token"
      }
    }
  }
}

Via local file

Clone/download the repo and point directly at index.js:

{
  "mcpServers": {
    "coverity": {
      "command": "node",
      "args": ["/absolute/path/to/coverity-mcp/index.js"],
      "env": {
        "COVERITY_URL": "https://your-coverity-server:8443",
        "COVAUTHUSER": "your-username",
        "COVAUTHKEY": "your-password-or-token"
      }
    }
  }
}

Configuration

All configuration is done via environment variables — no code changes needed.

Finding your Coverity URL

Your COVERITY_URL is the base URL of your Coverity Connect instance, including the port:

https://<your-coverity-hostname>:<port>

For example:

• https://coverity.example.com:8443 ← typical default port
• https://coverity.mycompany.com:443 ← if running behind a reverse proxy

Getting your credentials

1. Log into your Coverity instance
2. Click your avatar (top-right) → My Profile or Settings
3. Under Authentication Keys, generate or copy an existing key
4. Use your login username as COVAUTHUSER and the key as COVAUTHKEY

⚠️ Never commit credentials to source control.

Windsurf config location

%USERPROFILE%\.codeium\windsurf\mcp_config.json

Claude Desktop config location

• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%\Claude\claude_desktop_config.json

Environment Variables

| Variable | Description | Required | |----------|-------------|----------| | COVERITY_URL | Coverity server base URL (include port) | Yes | | COVAUTHUSER | Coverity username | Yes | | COVAUTHKEY | Coverity password or API token | Yes | | NODE_TLS_REJECT_UNAUTHORIZED | Set to 0 to bypass SSL cert validation | Optional |

How It Works

The server communicates with Coverity using its SOAP Web Services API (v9) via two services:

• ConfigurationService — listing projects, streams, checkers, statuses, triage stores, server info
• DefectService — querying defects, history, trends, metrics, and updating triage

Authentication is handled via WS-Security using the provided username and password/token.

License

ISC