Skip to content
Fluid Attacks Development Portal

Introduction

Model Context Protocol (MCP) server that provides tools for interacting with the Fluid API, enabling vulnerability management, organization insights, and GraphQL query execution.

Features

  • Vulnerability Management: Fetch and analyze vulnerabilities across groups
  • Organization Insights: Access organization and group information
  • Analytics: Retrieve analytics data for organizations and groups
  • GraphQL Integration: Execute custom GraphQL queries
  • Type System Exploration: Inspect API types, mutations, and queries

Tools

Information Retrieval Tools

  • get_organization_groups
    • Get groups associated with an organization
    • Parameters:
      • organization_id_or_name: Organization identifier or name
  • get_group_git_roots
    • Get Git root information for a specific group
    • Parameters:
      • group_name: Name of the group
      • nickname: Root nickname (optional)
      • search: Word to match on git URL or nickname (optional)
      • start_cursor: Cursor to start from (optional)
  • get_group_ip_roots
    • Get IP root information for a specific group
    • Parameters:
      • group_name: Name of the group
      • search: Word to match on IP address (optional)
      • start_cursor: Cursor to start from (optional)
  • get_group_url_roots
    • Get URL root information for a specific group
    • Parameters:
      • group_name: Name of the group
      • search: Word to match on URL (optional)
      • start_cursor: Cursor to start from (optional)
  • describe_graphql_type
    • Get detailed information about a specific GraphQL type
    • Parameters:
      • type_name: Name of the type to inspect
  • query
    • Execute a custom GraphQL query
    • Parameters:
      • query: GraphQL query to execute
      • variables: Variables for the query (optional)
  • get_organization_analytics
    • Retrieve analytics information for an organization
    • Parameters:
      • organization_id_or_name: Organization identifier or name
      • document_name: Type of analytics document
      • document_type: Type of chart or visualization
  • get_group_analytics
    • Retrieve analytics information for a group
    • Parameters:
      • group_name: Group name
      • document_name: Type of analytics document
      • document_type: Type of chart or visualization
  • get_devsecops_agent_executions
    • Retrieve Forces execution information for a group
    • Parameters:
      • group_name: Name of the group to fetch executions for
      • after: Cursor for pagination (optional)
      • exit_code: Filter by execution exit code (“0” for success, “1” for failure) (optional)
      • first: Number of results to return (optional)
      • from_date: Filter executions from this date (optional)
      • git_repo: Filter by repository (optional)
      • git_repo_exact_filter: Exact match filter for repository (optional)
  • fetch_finding_vulnerabilities
    • Fetch vulnerabilities for a specific finding
    • Parameters:
      • finding_id: ID of the finding to fetch vulnerabilities for
  • fetch_group_findings
    • Fetch findings for a specific group
    • Parameters:
      • group: Name of the group to fetch findings for
      • state: Filter by finding state (optional)
      • severity: Filter by severity (optional)
      • technique: Filter by technique (optional)
  • fetch_group_root_vulnerabilities
    • Fetch vulnerabilities for a specific group root
    • Parameters:
      • group_name: Name of the group
      • root_nickname: Nickname of the root to fetch vulnerabilities for
      • state: Filter by vulnerability state (optional)
      • severity: Filter by severity (optional)
      • first: Number of results to return (optional)
      • after: Cursor to start from (optional)
  • get_unsolved_events
    • Get unsolved events for a group
    • Parameters:
      • first: Number of results to return (optional)
      • after: Cursor to start from (optional)

Inspection Tools

  • get_api_queries
    • Get available API query operations
    • Parameters: None
  • get_api_mutations
    • Get available API mutation operations
    • Parameters: None
  • get_mutation_details
    • Get detailed information about a specific mutation
    • Parameters:
      • mutation_name: Name of the mutation to inspect

Resources

  • Api SDL (~50058 tokens)
    • GraphQL Schema Definition Language file
  • Fluid Attacks Overview (~2881 tokens)
    • Documentation about API entities, roles, and permissions

Setup

Requirements

API Token

Usage with Claude Desktop or Cursor

Add the following to your mcp.json:

{
  "mcpServers": {
    "fluidattacks-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@fluidattacks/mcp"
      ],
      "env": {
        "API_TOKEN": "your_api_token_here"
      }
    }
  }
}