kubescape-mcp-server

# Kubescape MCP Server :exclamation: **Warning: This is a playground project and most likely will be moved to Kubescape organization soon.** Kubescape MCP Server is a middleware component that exposes Kubernetes vulnerability manifests and related tools via the Mark3 Labs MCP protocol. It enables discovery, listing, and querying of vulnerabilities at both image and workload levels in your Kubernetes cluster. ## Features - List available vulnerability manifests for images and workloads - Query all vulnerabilities in a given manifest - Query all matches for a specific CVE in a manifest - Expose vulnerability manifest resources via MCP resource templates ## Usage 1. **Build and Run** - Ensure you have Go installed (1.18+ recommended). - Clone the repository and build the server: ```sh go build -o ks-mcpserver ks-mcpserver.go ./ks-mcpserver ``` - The server will start and listen for MCP protocol requests via stdio. 2. **Kubernetes Access** - The server requires access to your Kubernetes cluster and expects the appropriate kubeconfig/context. - It uses the Kubescape storage API to fetch vulnerability manifests. 3. **MCP Tools** - The following tools are available: - `list_vulnerability_manifests`: Discover available vulnerability manifests at image and workload levels. - `list_vulnerabilities_in_manifest`: List all vulnerabilities in a given manifest. - `list_vulnerability_matches_for_cve`: List all vulnerability matches for a given CVE in a given manifest. 4. **Resource Templates** - Vulnerability manifests are exposed as MCP resources, e.g.: - `kubescape://vulnerability-manifests/{namespace}/{manifest_name}/cve_list` - `kubescape://vulnerability-manifests/{namespace}/{manifest_name}/cve_details/{cve_id}` ## Development - Contributions are welcome! Please open issues or pull requests for bug fixes, features, or documentation improvements. - Ensure code is formatted with `gofmt` and passes linting. ## License This project is licensed under the Apache 2.0 or MIT License. See `LICENSE` for details.