Cycode

Exposes Cycode scanning capabilities to AI systems via a standardized MCP interface for secrets, IaC, SCA, and SAST.
  • other

96

GitHub Stars

other

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs

You enable AI-assisted interactions with Cycode scanning features by running the MCP server. This server exposes Cycode’s scanning tools to AI systems and applications through a standardized interface, allowing you to integrate secrets, IaC, SCA, and SAST capabilities into your workflows.

How to use

You can connect to the MCP server in two primary ways: run a local MCP server as a stdio transport that your AI applications spawn, or connect via HTTP transports (Server-Sent Events or streamable HTTP) exposed by a running MCP server. Start the local server to enable direct, in-process communication, or point your client to a running HTTP endpoint for remote access. After starting, your client can invoke the available tools to scan code, receive results, and drive remediation workflows.

How to install

Prerequisites: You need Python 3.9 or later to install and use the Cycode CLI. The MCP command is available only for Python 3.10 and above. If you are using an older Python version, the MCP command will not be available.

Install the Cycode CLI locally using one of these options. Ensure you have Python and PIP available as the commands may be named differently in your environment.

pip3 install cycode
brew install cycode

Additional configuration and startup notes

To authenticate the CLI, you can use one of these methods: cycode auth (recommended), cycode configure, or environment variables. You may also provide the Cycode client credentials through environment variables if you prefer.

MCP Command [EXPERIMENTAL]

The MCP command is available when you run the Cycode CLI with Python 3.10 or later. It starts a server that exposes Cycode scanning capabilities to AI systems and applications. You can run a local MCP server with the default stdio transport or connect to HTTP endpoints for remote access.

Configuration and examples

Multiple MCP connection methods are shown in the examples. You can run the MCP server locally using stdio transport or configure clients to connect via SSE or streamable HTTP transports.

Security and credentials

Use the recommended authentication flow first (cycode auth). If you set credentials via environment variables, ensure they are kept secure and are not exposed in logs or shared configurations.

Troubleshooting and tips

If you encounter issues starting or communicating with the MCP server, enable verbose logging when launching the server to obtain detailed startup, connection, and tool execution information.

Notes

The MCP server configuration shown includes a local stdio configuration and two HTTP transport configurations that you can adopt as needed. Use the HTTP transports to integrate with external tools or remote environments, while the stdio transport is ideal for local development and direct AI integrations.

Available tools

cycode_secret_scan

Scan files for hardcoded secrets within the connected codebase.

cycode_sca_scan

Scan for Software Composition Analysis findings, including vulnerabilities and license issues.

cycode_iac_scan

Scan Infrastructure as Code configurations for misconfigurations.

cycode_sast_scan

Scan code for Static Application Security Testing concerns and quality issues.

cycode_status

Fetch CLI version, authentication status, and current configuration information.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational