Integrating the DryRun Insights MCP

Integrating the DryRun Insights MCP

🔍 Integrating DryRun Security Insights MCP

The DryRun Security Insights MCP enables AI assistants to securely connect to your organization's security data for powerful, context-aware code analysis.

What is the Insights MCP?

The Insights MCP is a Model Context Protocol (opens in a new tab) server that exposes DryRun Security’s rich security analysis to AI applications. Think of it as "USB-C for AI" – a standard way for agents to interact with security insights, trends, and context across your codebase.

Once connected, tools like Claude Desktop or other MCP-compatible clients can answer natural language questions about security posture, pull request vulnerabilities, Code Security Agent trends, and more.

✨ Capabilities

With the Insights MCP connected, AI assistants can:

🔐 Security Analysis & Insights

  • Daily Security Summaries Generate summaries of recent security activity over any 30-day window.

  • Pull Request Analysis Deep-dive into the security implications of a specific pull request.

  • File Security History View the historical security context and findings for a specific file.

  • Natural Language Search Ask questions like:

    “Have any new payment integrations been introduced in the last week?”

📊 Security Statistics & Trends

  • Code Security Agent Stats View the count and types of security issues (e.g., SQLi, XSS, IDOR) across your org.
  • Trend Monitoring Track security posture over time.
  • Repo-Specific Insights Drill down into findings by repository.

⚙️ Configuration Steps

NOTE: At this time, only Github users are supported. We are actively implementing Gitlab support.

1. Install an MCP-Compatible Client

Most MCP-compatible clients can connect directly to the Insights MCP over HTTP with OAuth support. Choose the option below that best matches your setup.

1.1 Direct HTTP Configuration (Recommended)

If your client supports HTTP-based MCP servers with OAuth, you can connect directly to the Insights MCP.

{
  "servers": {
    "DryrunSecurityInsights": {
      "url": "https://insights-mcp.dryrun.security/insights/mcp",
      "type": "http"
    }
  }
}
⚠️ Cursor Compatibility Notice

Known Issue: Cursor currently has a known bug in its MCP implementation that may cause authentication failures or connection issues when using HTTP-based MCP servers.

Workaround available: If you encounter issues in Cursor, we can apply a backend configuration workaround to enable compatibility and restore normal operation.

Please contact us at hi@dryrun.security if you need this workaround enabled for your environment.

1.2 Claude Shortcuts (Quick Setup)

Claude Code (CLI)
claude mcp add --transport http dryrun-security https://insights-mcp.dryrun.security/insights/mcp
Claude Desktop or Claude Web
  1. Navigate to https://claude.ai (opens in a new tab)
  2. Select Settings
  3. Select Connectors
  4. Click Add custom connector
  5. Enter the URL:
    https://insights-mcp.dryrun.security/insights/mcp
  6. Select Add

1.3 Using mcp-remote (Fallback / Non-HTTP Clients)

For clients that don’t support HTTP-based MCP servers or have limited OAuth support, or if you experience connection issues with a direct HTTP configuration, we recommend using mcp-remote (opens in a new tab).

This approach provides a stable and broadly compatible way to connect to the DryRun Security Insights MCP across all MCP-compatible clients.

Prerequisite: You must have Node.js installed.

Add the following entry to your mcp.config.json:

{
  "mcpServers": {
    "DryRun Security Insights": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://insights-mcp.dryrun.security/insights/mcp",
        "--transport",
        "http-only",
        "--auth-timeout",
        "120"
      ],
      "env": {
        "NODE_OPTIONS": "--dns-result-order=ipv4first"
      }
    }
  }
}

This configuration connects your MCP client to DryRun Security’s Insights MCP using a stable Streamable HTTP transport via mcp-remote.

2. Authorize the dryrunsecurity-insights-mcp GitHub OAuth Application

Open your MCP-compatible AI assistant (e.g., Claude Desktop) and start the DryRun Security Insights MCP if required (some clients will start the MCP automatically).

When you first start the DryRun Security Insights MCP you will be prompted in a browser to authorize the dryrunsecurity-insights-mcp GitHub OAuth application.

Important: Be sure to click the Grant button to grant access to the appropriate GitHub Organization.

✅ Verifying the Connection

Once your configuration is complete, open your MCP-compatible AI assistant (e.g., Claude Desktop), and you should see the DryRun Security Insights tool available in your toolset.

Try asking:

“What is my insights summary for the past week?”

Need Help?

If you're running into any issues connecting to the Insights MCP, reach out to us at hi@dryrun.security

Best Practices: Backgrounds in Natural Language Code PoliciesInstall DryRun Security for GitLab