@rad-security/mcp-server
v0.0.27
Published
RAD Security MCP Server for AI-powered security insights
Maintainers
rad-securityReadme
RAD Security MCP Server
A Model Context Protocol (MCP) server for RAD Security, providing AI-powered security insights for Kubernetes and cloud environments.
Installation
npm install @rad-security/mcp-serverUsage
Prerequisites
- Node.js 20.x or higher
Environment Variables
The following environment variables are required to use the MCP server with Rad Security:
RAD_SECURITY_ACCESS_KEY_ID="your_access_key"
RAD_SECURITY_SECRET_KEY="your_secret_key"
RAD_SECURITY_ACCOUNT_ID="your_account_id"Optional environment variables:
RAD_SECURITY_TENANT_ID="your_tenant_id" # Optional: If not provided, will be fetched automatically from the accountOptional: Filter Toolkits
You can control which toolkits are exposed by the MCP server using these environment variables:
INCLUDE_TOOLKITS: Comma-separated list of toolkits to include (only these will be enabled)EXCLUDE_TOOLKITS: Comma-separated list of toolkits to exclude (all except these will be enabled)
Available toolkits:
containers- Container inventory operationsclusters- Kubernetes cluster operationsidentities- Identity management operationsaudit- Audit log operationscloud_inventory- Cloud resource inventoryimages- Container image operationskubeobject- Kubernetes resource operationsmisconfigs- Misconfiguration detectionruntime- Runtime analysis operationsruntime_network- Network traffic analysisthreats- Threat vector operationsfindings- Security findings operationscves- CVE database operationsinbox- Inbox item operationsworkflows- Workflow execution operationsknowledge_base- Knowledge base search operationsradql- Query interface for rad data platform
Examples:
# Only enable workflow toolkit
INCLUDE_TOOLKITS="workflows"
# Enable only containers and images toolkits
INCLUDE_TOOLKITS="containers,images"
# Exclude workflow toolkit (enable all others)
EXCLUDE_TOOLKITS="workflows"
# Exclude runtime and threat toolkits
EXCLUDE_TOOLKITS="runtime,threats"Note: If INCLUDE_TOOLKITS is set, EXCLUDE_TOOLKITS is ignored.
Operations Without Authentication
You can also use few operations without authentication:
- List CVEs
- Get details of a specific CVE
- Get latest 30 CVEs
- List Kubernetes resource misconfiguration policies
In cursor IDE
It's quite problematic to set ENV variables in cursor IDE.
So, you can use the following start.sh script to start the server.
./start.shPlease set the ENV variables in the start.sh script first!
In Claude Desktop
You can use the following config to start the server in Claude Desktop.
{
"mcpServers": {
"rad-security": {
"command": "npx",
"args": ["-y", "@rad-security/mcp-server"],
"env": {
"RAD_SECURITY_ACCESS_KEY_ID": "<your-access-key-id>",
"RAD_SECURITY_SECRET_KEY": "<your-secret-key>",
"RAD_SECURITY_ACCOUNT_ID": "<your-account-id>"
}
}
}
}To filter toolkits, add INCLUDE_TOOLKITS or EXCLUDE_TOOLKITS to the env:
{
"mcpServers": {
"rad-security": {
"command": "npx",
"args": ["-y", "@rad-security/mcp-server"],
"env": {
"RAD_SECURITY_ACCESS_KEY_ID": "<your-access-key-id>",
"RAD_SECURITY_SECRET_KEY": "<your-secret-key>",
"RAD_SECURITY_ACCOUNT_ID": "<your-account-id>",
"EXCLUDE_TOOLKITS": "workflows"
}
}
}As a Docker Container - with Streamable HTTP
docker build -t rad-security/mcp-server .
docker run \
-e TRANSPORT_TYPE=streamable \
-e RAD_SECURITY_ACCESS_KEY_ID=your_access_key \
-e RAD_SECURITY_SECRET_KEY=your_secret_key \
-e RAD_SECURITY_ACCOUNT_ID=your_account_id \
-p 3000:3000 \
rad-security/mcp-serverWith toolkit filters:
docker run \
-e TRANSPORT_TYPE=streamable \
-e RAD_SECURITY_ACCESS_KEY_ID=your_access_key \
-e RAD_SECURITY_SECRET_KEY=your_secret_key \
-e RAD_SECURITY_ACCOUNT_ID=your_account_id \
-e INCLUDE_TOOLKITS=workflows,containers \
-p 3000:3000 \
rad-security/mcp-serverAs a Docker Container - with SSE (deprecated)
Note: The SSE transport is now deprecated in favor of Streamable HTTP. It's still supported for backward compatibility, but it's recommended to use Streamable HTTP instead.
docker build -t rad-security/mcp-server .
docker run \
-e TRANSPORT_TYPE=sse \
-e RAD_SECURITY_ACCESS_KEY_ID=your_access_key \
-e RAD_SECURITY_SECRET_KEY=your_secret_key \
-e RAD_SECURITY_ACCOUNT_ID=your_account_id \
-p 3000:3000 \
rad-security/mcp-serverFeatures
Account Inventory
- List clusters and their details*
Containers Inventory
- List containers and their details*
Security Findings
- List and analyze security findings*
Runtime Security
- Get process trees of running containers*
- Get runtime baselines of running containers*
- Analyze process behavior of running containers*
Network Security
- Monitor HTTP requests*
- Track network connections*
- Analyze network patterns*
Identity and Access
- List identities*
- Get identity details*
Audit
- List who shelled into a pod*
Cloud Security
- List and monitor cloud resources*
- Get resource details and compliance status*
Images
- Get SBOMs*
- List images and their vulnerabilities*
- Get top vulnerable images*
Kubernetes Objects
- Get details of a specific Kubernetes resource*
- List Kubernetes resources*
- List Kubernetes resource misconfiguration policies*
Threat Vector
- List threat vectors*
- Get details of a specific threat vector*
CVEs
- List CVEs
- Get details of a specific CVE
- Get latest 30 CVEs
RadQL (Advanced Querying)
- List available data types for querying (containers, findings, kubernetes_resources, etc.)*
- Get schema/metadata for specific data types*
- List possible values for filter fields*
- Execute RadQL queries with filtering, searching, and aggregations*
- Build queries programmatically from structured conditions*
- Execute multiple queries in parallel*
* - requires authentication and account in Rad Security.
Development
# Install dependencies
npm install
# Run type checking
npm run type-check
# Run linter
npm run lint
# Build
npm run buildLicense
MIT License - see the LICENSE file for details