Integrating the DryRun Insights MCP
🔍 Integrating DryRun Security Insights MCP
The DryRun Security Insights MCP enables AI assistants to securely connect to your organization's security data for powerful, context-aware code analysis.
What is the Insights MCP?
The Insights MCP is a Model Context Protocol (opens in a new tab) server that exposes DryRun Security’s rich security analysis to AI applications. Think of it as "USB-C for AI" – a standard way for agents to interact with security insights, trends, and context across your codebase.
Once connected, tools like Claude Desktop or other MCP-compatible clients can answer natural language questions about security posture, pull request vulnerabilities, Code Security Agent trends, and more.
✨ Capabilities
With the Insights MCP connected, AI assistants can:
🔐 Security Analysis & Insights
-
Daily Security Summaries Generate summaries of recent security activity over any 30-day window.
-
Pull Request Analysis Deep-dive into the security implications of a specific pull request.
-
File Security History View the historical security context and findings for a specific file.
-
Natural Language Search Ask questions like:
“Have any new payment integrations been introduced in the last week?”
📊 Security Statistics & Trends
- Code Security Agent Stats View the count and types of security issues (e.g., SQLi, XSS, IDOR) across your org.
- Trend Monitoring Track security posture over time.
- Repo-Specific Insights Drill down into findings by repository.
⚙️ Configuration Steps
NOTE: At this time, only Github users are supported. We are actively implementing Gitlab support.
1. Install an MCP-Compatible Client
We recommend mcp-remote (opens in a new tab) for the best experience. To use it, you'll need node installed.
2. Configure mcp.config.json (or relevant file)
Add the following entry to your mcp.config.json:
{
"mcpServers": {
"DryRun Security Insights": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"https://insights-mcp.dryrun.security/insights/mcp",
"--transport http-only"
],
"env": {
"NODE_OPTIONS": "--dns-result-order=ipv4first"
}
}
}
}
This tells your MCP client how to securely connect to DryRun Security’s Insights MCP using the Streamable HTTP transport.
3. Authorize the dryrunsecurity-insights-mcp GitHub OAuth Application
Open your MCP-compatible AI assistant (e.g., Claude Desktop) and start the DryRun Security Insights MCP if required (some clients will start the MCP automatically).
When you first start the DryRun Security Insights MCP you will be prompted in a browser to authorize the dryrunsecurity-insights-mcp GitHub OAuth application.
❗Important: Be sure to click the Grant button to grant access to the appropriate GitHub Organization.
✅ Verifying the Connection
Once your configuration is complete, open your MCP-compatible AI assistant (e.g., Claude Desktop), and you should see the DryRun Security Insights tool available in your toolset.
Try asking:
“What is my insights summary for the past week?”
Need Help?
If you're running into any issues connecting to the Insights MCP, reach out to us at hi@dryrun.security