Introduction

Model Context Protocol (MCP) server that provides tools for interacting with the Fluid API, enabling vulnerability management, organization insights, and GraphQL query execution.

Features

  • Vulnerability Management: Fetch and analyze vulnerabilities across groups
  • Organization Insights: Access organization and group information
  • Analytics: Retrieve analytics data for organizations and groups
  • GraphQL Integration: Execute custom GraphQL queries
  • Type System Exploration: Inspect API types, mutations, and queries

Tools

  • fetch_group_vulnerabilities
    • Fetch vulnerabilities information for a specified group
    • Parameters:
      • groupName: Group name to fetch vulnerabilities for
      • after: Cursor for pagination (optional)
      • state: Filter by vulnerability state (‘VULNERABLE’ or ‘SAFE’) (optional)
      • first: Number of results to return (optional)
      • severity: Filter by severity (‘LOW’, ‘MEDIUM’, ‘HIGH’, ‘CRITICAL’) (optional)
  • get_organization_groups
    • Get groups associated with an organization
    • Parameters:
      • organizationIdOrName: Organization identifier or name
  • get_group_roots
    • Get root information for a specific group
    • Parameters:
      • groupName: Name of the group
  • get_api_mutations
    • Get available API mutation operations
    • Parameters: None
  • get_api_queries
    • Get available API query operations
    • Parameters: None
  • describe_graphql_type
    • Get detailed information about a specific GraphQL type
    • Parameters:
      • typeName: Name of the type to inspect
  • execute_graphql_query
    • Execute a custom GraphQL query
    • Parameters:
      • query: GraphQL query to execute
      • variables: Variables for the query (optional)
  • get_fluid_api_overview
    • Retrieve the Fluid Attacks API Overview
    • Parameters: None
  • get_organization_analytics
    • Retrieve analytics information for an organization
    • Parameters:
      • organizationId: Organization identifier
      • documentName: Type of analytics document
      • documentType: Type of chart or visualization
    • Valid Combinations:
      • riskOverTimeCvssf with stackedBarChart
      • riskOverTime with stackedBarChart
      • distributionOverTimeCvssf with stackedBarChart
      • distributionOverTime with stackedBarChart
      • cvssfBenchmarking with stackedBarChart
      • assignedVulnerabilitiesCvssf with stackedBarChart
      • assignedVulnerabilities with stackedBarChart/pieChart
      • acceptedVulnerabilitiesBySeverity with stackedBarChart
      • acceptedVulnerabilitiesByUser with stackedBarChart
      • remediatedAcceptedGroup with stackedBarChart
      • availability with stackedBarChart
  • get_group_analytics
    • Retrieve analytics information for a group
    • Parameters:
      • groupName: Group name
      • documentName: Type of analytics document
      • documentType: Type of chart or visualization
    • Valid Combinations:
      • riskOverTimeCvssf with stackedBarChart
      • riskOverTime with stackedBarChart
      • distributionOverTimeCvssf with stackedBarChart
      • distributionOverTime with stackedBarChart
      • assignedVulnerabilitiesCvssf with stackedBarChart
      • assignedVulnerabilities with stackedBarChart/pieChart
      • acceptedVulnerabilitiesBySeverity with stackedBarChart
      • acceptedVulnerabilitiesByUser with stackedBarChart
      • availability with pieChart
  • get_devsecops_agent_executions
    • Retrieve Forces execution information for a group
    • Description: Forces is the Fluid Attacks DevSecOps agent that detects new reported vulnerabilities and breaks the build
    • Parameters:
      • groupName: Name of the group to fetch executions for
      • after: Cursor for pagination (optional)
      • exitCode: Filter by execution exit code (“0” for success, “1” for failure) (optional)
      • first: Number of results to return (optional)
      • fromDate: Filter executions from this date (optional)
      • gitRepo: Filter by repository (optional)
      • gitRepoExactFilter: Exact match filter for repository (optional)

Resources

  • API SDL (~50058 tokens)
    • GraphQL Schema Definition Language file
  • Fluid Attacks Overview (~2881 tokens)
    • Documentation about API entities, roles, and permissions

Setup

Requirements

API Token

Usage with Claude Desktop or Cursor

Add the following to your mcp.json:

{
  "mcpServers": {
    "fluidattacks-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@fluidattacks/mcp"
      ],
      "env": {
        "API_TOKEN": "your_api_token_here"
      }
    }
  }
}
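
A check for the configuration above, added here as an example and not part of the Fluid Attacks project: it flags an npx package spec with no exact version (npx then fetches whichever release is current at launch, and -y skips the install prompt) and a credential stored as a literal in env. The sample token value, the regex heuristics and the rule names are assumptions of this example.

```javascript
// Constructed sample: same shape as the mcp.json above, with a made-up token value.
const SAMPLE_MCP_JSON = `{
  "mcpServers": {
    "fluidattacks-mcp": {
      "command": "npx",
      "args": ["-y", "@fluidattacks/mcp"],
      "env": { "API_TOKEN": "constructed-sample-token-0000" }
    }
  }
}`;

// Heuristics chosen for this example (assumptions, not part of any MCP client).
const SECRET_NAME = /(TOKEN|SECRET|PASSWORD|API_?KEY)/i;
const PLACEHOLDER = /^(your_.*_here|<.*>)?$/i;

// True when an npm spec ends in an exact version, e.g. "@scope/pkg@1.2.3".
function isPinned(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return false; // no "@", or only the leading scope "@"
  return /^\d+\.\d+\.\d+(-[\w.]+)?$/.test(spec.slice(at + 1));
}

// Returns a list of { server, rule, detail } findings for one mcp.json document.
function auditMcpConfig(jsonText) {
  const findings = [];
  const servers = JSON.parse(jsonText).mcpServers || {};
  for (const [server, cfg] of Object.entries(servers)) {
    const args = Array.isArray(cfg.args) ? cfg.args : [];
    // Assumes the first non-flag argument to npx is the package spec.
    const pkg = cfg.command === "npx" ? args.find((a) => !a.startsWith("-")) : undefined;
    if (pkg && !isPinned(pkg)) {
      const silent = args.includes("-y") || args.includes("--yes");
      findings.push({
        server,
        rule: "unpinned-package",
        detail: `${pkg} has no exact version${silent ? "; -y installs it without a prompt" : ""}`,
      });
    }
    for (const [key, value] of Object.entries(cfg.env || {})) {
      if (SECRET_NAME.test(key) && !PLACEHOLDER.test(String(value))) {
        findings.push({ server, rule: "inline-secret", detail: `${key} is a literal in the file` });
      }
    }
  }
  return findings;
}

console.log(auditMcpConfig(SAMPLE_MCP_JSON));
```
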