Capabilities and use cases
Some of our MCP capabilities are available to everyone (no authentication required), while others are available only to authenticated users (API token required).
(a) Start chats with a mention of Fluid Attacks’ API (e.g., “Using Fluid Attacks’ API, […]”), (b) always specify whether your requests are at the group or the organization level, and (c) for requests at the group level, specify the name of the organization as well.
Analytics and reporting
Get organization analytics
Tool: get_organization_analytics
What it does: Shows security trends and metrics for your entire organization.
When to use:
- Monthly security reviews
- Executive reporting
- Tracking security improvement over time
Examples of requests:
- “Show me our ORGANIZATION_NAME’s security risk trend for the last quarter.”
- “How has our vulnerability count changed over time in the group GROUP_NAME?”
Get group analytics
Tool: get_group_analytics
What it does: Shows security trends and metrics for a specific group/project.
When to use:
- Project-specific security reviews
- Sprint planning
- Tracking remediation progress
Examples of requests:
- “Show the security trend for the group GROUP_NAME.”
- “How many vulnerabilities were fixed in the group GROUP_NAME this month?”
- “What’s the distribution of vulnerabilities in the group GROUP_NAME?”
Vulnerability discovery and management
Find weaknesses in a group
Tool: fetch_group_weaknesses
What it does: Lists types of security issues (e.g., SQL Injection, XSS) found in your projects.
When to use:
- Understanding what types of vulnerabilities you have
- Planning targeted security training
- Prioritizing remediation efforts
Examples of requests:
- “What types of vulnerabilities exist in the group GROUP_NAME?”
- “Show me all critical security weaknesses in the group GROUP_NAME.”
- “List SQL injection findings across my groups.”
Find specific vulnerabilities
Tool: fetch_weakness_vulnerabilities
What it does: Lists exact instances of vulnerabilities with their locations in your code.
When to use:
- Assigning fixes to developers
- Tracking specific security issues
- Understanding where problems exist in your code
Examples of requests:
- “Show me all XSS vulnerabilities in the frontend code repo for the group GROUP_NAME.”
- “List untreated vulnerabilities by priority for the group GROUP_NAME.”
- “What vulnerabilities are in the authentication module of the group GROUP_NAME?”
Get vulnerability details
Tool: get_vulnerability_details
What it does: Shows complete information about a specific vulnerability.
When to use:
- Investigating a security issue
- Understanding how to fix a vulnerability
- Reviewing a vulnerability before closing it
Examples of requests:
- “Show me details for vulnerability VULNERABILITY_UUID.”
- “What’s the full information on the SQL injection in login.py for the group GROUP_NAME?”
Get a vulnerability report
Tool: get_group_weaknesses_report
What it does: Creates a comprehensive report grouping vulnerabilities by type.
When to use:
- Security audits
- Compliance reporting
- Sprint planning meetings
- Management presentations
Examples of requests:
- “Generate a vulnerability report for the ProductionAPI group.”
- “Show me a report of all open security issues in the group GROUP_NAME.”
- “Create a summary of vulnerabilities by severity in the group GROUP_NAME.”
Get a vulnerability overview
Tool: get_group_weaknesses_overview
What it does: Shows counts of vulnerabilities and weaknesses at a glance.
When to use:
- Quick daily status checks
- Dashboard creation
- Priority assessment
Examples of requests:
- “How many open vulnerabilities do we have in the group GROUP_NAME?”
- “Give me a vulnerability count summary for the group GROUP_NAME.”
- “What’s the current vulnerability status for the group GROUP_NAME?”
Asset discovery (roots)
View Git repositories
Tool: get_group_git_roots
What it does: Lists source code repositories being tested for security.
When to use:
- Verifying what code is being scanned
- Finding specific repositories
- Ensuring all code is covered
Examples of requests:
- “What Git repositories are we testing?”
- “Show me all code repositories for the group GROUP_NAME.”
- “Is the frontend repository being scanned?”
View IP addresses
Tool: get_group_ip_roots
What it does: Lists applications and services accessible via IP addresses being tested.
When to use:
- Black-box testing scope verification
- Network security assessment
- Infrastructure testing
Examples of requests:
- “What IP addresses are we scanning?”
- “Show me all tested network endpoints.”
- “List IPs being tested for the WebApp group.”
View URLs
Tool: get_group_url_roots
What it does: Lists live websites and web applications being tested.
When to use:
- Verifying production testing scope
- Web application security assessment
- Ensuring all environments are covered
Examples of requests:
- “What websites are we testing?”
- “Show me all URLs for the E-commerce project.”
- “List production environments being scanned.”
View vulnerabilities by root
Tool: fetch_group_root_vulnerabilities
What it does: Shows vulnerabilities found in a specific repository, IP, or URL.
When to use:
- Repository-specific security review
- Assigning work to teams responsible for specific assets
- Understanding security issues in one part of your infrastructure
Examples of requests:
- “What vulnerabilities are in the main-app repository?”
- “Show me security issues for the production URL.”
- “List vulnerabilities found in the API server IP.”
Security scanning
Run SCA scanner
Tool: run_sca_scanner
What it does: Provides instructions to scan your project dependencies for known vulnerabilities.
When to use:
- After adding new dependencies
- Before releasing new versions
- Regular security audits of libraries
Examples of requests:
- “How do I scan my dependencies?”
- “Run an SCA scan on this project.”
- “Check my npm packages for vulnerabilities.”
What it scans:
- Package.json and lock files
- Requirements.txt and poetry files
- Composer.json
- pom.xml and gradle files
- Any dependency management files
Run SAST scanner
Tool: run_sast_scanner
What it does: Provides instructions to scan your source code for security vulnerabilities.
When to use:
- After writing new code
- Before code reviews
- Pre-deployment security checks
Examples of requests:
- “How do I scan my code for vulnerabilities?”
- “Run a SAST scan on the authentication module.”
- “Check my Python code for security issues.”
What it finds:
- SQL injection
- Cross-site scripting (XSS)
- Security misconfigurations
- Hardcoded secrets
- Insecure cryptography
- And 100+ other vulnerability types
Run both scanners
Tool: run_sca_and_sast_scanners
What it does: Provides instructions to run SAST and SCA scans together.
When to use:
- Comprehensive security assessment
- Pre-production security gate
- Weekly security checks
Examples of requests:
- “Run a complete security scan.”
- “Scan both my code and dependencies.”
- “Do a full security assessment.”
No authentication required. However, Docker is required to run the scanners. See “Docker installation ” for more information.
DevSecOps integration
View CI/CD security results
Tool: get_devsecops_agent_executions
What it does: Shows results from automated security scans in your development pipeline.
When to use:
- Checking build status
- Investigating failed security gates
- Monitoring automation effectiveness
Examples of requests:
- “How many builds failed security checks this week for the group GROUP_NAME?”
- “What was the result of the last Forces execution for the group GROUP_NAME?”
View unsolved events
Tool: get_unsolved_events
What it does: Lists security incidents and situations requiring attention.
When to use:
- Daily incident review
- Security event management
- Prioritizing urgent issues
Examples of requests:
- “What security events need my attention?”
- “Show me unsolved incidents.”
- “List open security events.”
Knowledge Base/Documentation
Search articles
Tool: search_related_articles
What it does: Searches Fluid Attacks’ security knowledge base for relevant information.
When to use:
- Learning about vulnerability types
- Finding remediation guidance
- Understanding security concepts
Examples of requests:
- “How to configure the SCA scanner to run on Azure DevOps?”
- “What is cross-site scripting?”
Topics covered:
- Vulnerability explanations
- Remediation guides
- Security best practices
- Platform usage instructions
- Compliance guidance
Specialized prompts
The implementation of our MCP includes the following specialized prompts, which are designed to help AI agents perform security-related tasks:
run_sca
Pass the instructions to run the SCA scanner to the LLM.
Usage: /fluidattacks-mcp/run_sca
run_sast
Pass the instructions to run the SAST scanner to the LLM.
Usage: /fluidattacks-mcp/run_sast
run_sca_and_sast
Pass the instructions to run the SCA and SAST scanners to the LLM.
Usage: /fluidattacks-mcp/run_sca_and_sast
get_technology_based_remediation_strategy
Pass the technology-specific remediation guidance to the LLM.
Usage: /fluidattacksmcp/get_technology_based_remediation_strategy
This is the only prompt that requires an API token.
configure_github_sca_integration
Pass the instructions to configure the SCA scanner to run on GitHub Actions to the LLM.
Usage: /fluidattacks-mcp/configure_github_sca_integration
configure_github_sast_integration
Pass the instructions to configure the SAST scanner to run on GitHub Actions to the LLM.
Usage: /fluidattacks-mcp/configure_github_sast_integration
configure_agents_md
Configure the AGENTS.md file in the project root directory.
Usage: /fluidattacks-mcp/config_agents_md
How to use these prompts
To use Fluid Attacks MCP prompts,
you start by typing the command name in the chat of your AI agent.
For example,
to configure the AGENTS.md file,
you would type: /fluidattacks-mcp/config_agents_md
Select the command you want to use and press Enter.
Have an idea to simplify our architecture, or noticed docs that could use some love? Don’t hesitate to open an issue or submit improvements.