Model Context Protocol (MCP)
Unizo offers an MCP server that integrates application security systems with any LLM provider supporting the MCP protocol. This enables your AI agent to query application security assets, analyze scan results, and automate security assessments across Checkmarx, Semgrep, SonarQube, and other AppSec tools via a single MCP server.
Supported Tools & Use Cases
The following tools are available in the AppSec MCP Server:
| Tool Name | Description |
|---|---|
appsec_list_connectors | Get list of available application security services |
appsec_list_integrations | Get integrations for a specific AppSec service |
appsec_list_assets | Browse assets (projects/repositories) with pagination and sorting |
appsec_get_asset_details | Retrieve detailed asset information |
Tool Reference
Service Discovery Tools
appsec_list_connectors
Get list of available application security services
Parameters: None
Returns: List of available AppSec services (e.g., Checkmarx, Semgrep, SonarQube)
Example Response:
[
{"name": "checkmarx-one"},
{"name": "semgrep"},
{"name": "sonarqube"},
{"name": "aikido"}
]
appsec_list_integrations
Get integrations for a specific AppSec service
Parameters:
connector(string, required): Name of the service (e.g., "checkmarx-one", "semgrep")
Returns: List of integrations available for the specified service
Example Response:
[
{
"id": "integration-123",
"name": "Production Checkmarx"
},
{
"id": "integration-456",
"name": "Development SonarQube"
}
]
Asset Management Tools
appsec_list_assets
Browse assets (projects/repositories) with pagination and sorting
Parameters:
integration_id(string, required): Unique identifier for the integration
Returns: Paginated list of assets
Example Response:
{
"status": "success",
"message": "Retrieved 15 assets",
"data": {
"assets": [
{
"id": "project-001",
"name": "my-web-application",
"type": "REPOSITORY",
"state": "ACTIVE",
"description": "Main web application repository",
"changeLog": {
"createdDateTime": "2024-06-10T12:00:00Z",
"lastUpdatedDateTime": "2024-11-05T09:15:00Z"
}
},
{
"id": "project-002",
"name": "api-gateway-service",
"type": "REPOSITORY",
"state": "ACTIVE",
"description": "API gateway microservice",
"changeLog": {
"createdDateTime": "2024-05-15T10:00:00Z",
"lastUpdatedDateTime": "2024-11-04T22:30:00Z"
}
}
],
"pagination": {
"total": 50,
"offset": 0,
"limit": 20,
"next": 20,
"previous": null
},
"total_count": 50
}
}
appsec_get_asset_details
Retrieve detailed asset information
Parameters:
integration_id(string, required): Unique identifier for the integrationasset_id(string, required): Unique identifier of the asset
Returns: Comprehensive asset information
Example Response:
{
"status": "success",
"message": "Retrieved asset details for project-001",
"data": {
"asset": {
"id": "project-001",
"name": "my-web-application",
"type": "REPOSITORY",
"state": "ACTIVE",
"description": "Main web application repository",
"changeLog": {
"createdDateTime": "2024-06-10T12:00:00Z",
"lastUpdatedDateTime": "2024-11-05T09:15:00Z"
}
}
}
}
Installation
Prerequisites
- A Unizo API key
- An active Application Security integration (Checkmarx, Semgrep, SonarQube)
- Node.js v20 or higher
MCP Configuration
Here is an example configuration for setting up the Unizo AppSec MCP server:
{
"mcpServers": {
"unizo-appsec": {
"command": "npx",
"args": [
"mcp-remote",
"https://api.unizo.ai/mcp",
"--header",
"apikey:${UNIZO_API_KEY}",
"--header",
"x-mcp-scopes:appsec"
],
"env": {
"UNIZO_API_KEY": "your_api_key"
}
}
}
}
Client Setup
For detailed setup instructions with specific AI clients:
Environment Variables
The following environment variables are required:
UNIZO_API_KEY: Your Unizo API key
Error Handling
All tools return errors in a consistent format:
{
"status": "error",
"message": "Asset 'project-001' not found",
"traceback": "..."
}