An MCP (Model Context Protocol) server that integrates with Aikido Security to fetch vulnerability information for your repositories. This allows Claude to access your security findings and help you understand and fix vulnerabilities.
- List all monitored repositories
- Search repositories by name
- Fetch security issues with filtering by severity and type
- Get detailed vulnerability information including remediation guidance
- View grouped issues across your codebase
- Node.js 18+
- An Aikido Security account with API access
- API credentials (Client ID and Client Secret)
You'll need to create API credentials in your Aikido dashboard:
Create API Credentials in Aikido Settings
Or follow these steps:
- Log into your Aikido dashboard
- Navigate to Settings > Integrations > Public REST API
- Click Add Client
- Give it a name, select Private App type
- Enable the required permissions:
  - `basics:read` - Required for basic workspace information
  - `issues:read` - Required for fetching vulnerabilities
  - `repositories:read` - Required for fetching repositories
- Click Save and copy your Client ID and Client Secret
Note: The Client Secret is only shown once. Save it immediately.
```bash
git clone https://github.com/visma-prodsec/aikido-api-mcp.git
cd aikido-api-mcp
npm install
npm run build
```

```bash
claude mcp add aikido node /path/to/aikido-api-mcp/dist/index.js \
  -e AIKIDO_CLIENT_ID=your_client_id \
  -e AIKIDO_API_KEY=your_client_secret
```

Add to your Claude MCP settings (`~/.claude.json` or Claude Desktop config):

```json
{
  "mcpServers": {
    "aikido-api": {
      "command": "node",
      "args": ["/path/to/aikido-api-mcp/dist/index.js"],
      "env": {
        "AIKIDO_CLIENT_ID": "your_client_id",
        "AIKIDO_API_KEY": "your_client_secret"
      }
    }
  }
}
```

List all code repositories monitored by Aikido.
Search for a repository by name to find its ID.
Parameters:
- `name` (required): Repository name or partial name to search for
Get security issues for a repository. Returns condensed summaries.
Parameters:
- `repo_id`: Repository ID (use `list_repositories` to find this)
- `severity`: Filter by severity levels (`critical`, `high`, `medium`, `low`)
- `issue_type`: Filter by type (`open_source`, `leaked_secret`, `sast`, `iac`, `container`, `cloud`, `dast`)
- `page`: Page number (0-indexed)
- `per_page`: Results per page (max 100)
Get full details for a specific issue including remediation steps.
Parameters:
- `issue_id` (required): The issue ID
Get grouped view of open issues. Issues are grouped by vulnerability type.
Parameters:
- `repo_id`: Repository ID to filter
- `severity`: Filter by severity levels
- `page`: Page number (0-indexed)
- `per_page`: Results per page (max 50)
Get detailed information about an issue group.
Parameters:
- `group_id` (required): The issue group ID
Force a refresh of the Aikido API access token, discarding the cached token. Returns the new token's expiry time in seconds.
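The caching behaviour this tool implies, sketched as an added example that is not this project's code: the access token is reused until shortly before it expires, and a forced refresh discards it and returns the new lifetime in seconds. `TokenCache`, `requestToken`, the 30-second skew and the response shape (`access_token`, `expires_in`) are assumptions, and the issuer is a constructed stub so nothing is sent over the network.

```javascript
// Added example. requestToken is a hypothetical injected function that performs
// the token exchange and resolves to { access_token, expires_in } (assumed shape).
class TokenCache {
  constructor(requestToken, { skewSeconds = 30, now = () => Date.now() } = {}) {
    this.requestToken = requestToken;
    this.skewMs = skewSeconds * 1000;
    this.now = now;
    this.token = null;
    this.expiresAt = 0;
    this.inflight = null; // shared promise: concurrent callers trigger one request
  }
  // Reuse the cached token unless it is missing or inside the skew window.
  async getToken() {
    if (this.token && this.now() < this.expiresAt - this.skewMs) return this.token;
    await this.fetchFresh();
    return this.token;
  }
  // Discard the cached token, fetch a new one, return its lifetime in seconds.
  async forceRefresh() {
    this.token = null;
    this.expiresAt = 0;
    return this.fetchFresh();
  }
  fetchFresh() {
    if (!this.inflight) {
      this.inflight = this.requestToken()
        .then((res) => {
          if (!res || typeof res.access_token !== "string" || !(res.expires_in > 0)) {
            throw new Error("token response lacks access_token or expires_in");
          }
          this.token = res.access_token;
          this.expiresAt = this.now() + res.expires_in * 1000;
          return res.expires_in;
        })
        .finally(() => { this.inflight = null; });
    }
    return this.inflight;
  }
}
// Constructed stub issuer and fake clock so the example runs offline.
async function demo() {
  let issued = 0, clock = 0;
  const stub = async () => ({ access_token: `tok-${++issued}`, expires_in: 3600 });
  const cache = new TokenCache(stub, { now: () => clock });
  const [a, b] = await Promise.all([cache.getToken(), cache.getToken()]);
  clock = 3580 * 1000; // 20 s before expiry, inside the 30 s skew window
  const c = await cache.getToken(); // refreshed early
  const expiresIn = await cache.forceRefresh();
  return { a, b, c, expiresIn, d: await cache.getToken(), issued };
}
```

The error path reports only that a field is missing, so a malformed token response never ends up in logs or tool output.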
Once configured, you can ask Claude things like:
- "What security vulnerabilities are in my project?"
- "Show me the critical issues in the api-service repo"
- "Get details on issue 12345 and help me fix it"
- "What SQL injection vulnerabilities exist in my codebase?"
| Variable | Description |
|---|---|
| `AIKIDO_CLIENT_ID` | Your Aikido API Client ID |
| `AIKIDO_API_KEY` | Your Aikido API Client Secret |
The server defaults to the EU endpoint (app.aikido.dev). If you need to use a different region, you can modify the AIKIDO_BASE_URL in the source:
- EU: `https://app.aikido.dev/api`
- US: `https://app.us.aikido.dev/api`
- Middle East: `https://app.me.aikido.dev/api`
ISC