
CodeVigil's MCP Server: Deeper AI-Assisted Security Scanning

BitsPlus Team

You Shouldn't Be Locked to One AI Assistant

When we launched CodeVigil, Copilot Chat integration was the headline feature. Type @codevigil scan and get a security report right in your chat panel. Developers loved it.

But we kept hearing the same question: "I use Cursor (or Claude Code, or Windsurf). Can I get the same experience?"

The answer is now yes.

Introducing the CodeVigil MCP Server

Starting with v1.1, CodeVigil ships a built-in MCP (Model Context Protocol) server. MCP is an open standard that lets AI assistants communicate with developer tools through a common interface. Instead of building separate integrations for every AI assistant, we built one MCP server that works with all of them.

What the MCP Server Exposes

The MCP server gives your AI assistant access to everything CodeVigil can do:

  • Scan files — run a security scan on any file and get structured results
  • Explain findings — get detailed explanations of any vulnerability, including OWASP category and CWE reference
  • Suggest fixes — get code-level fix suggestions for specific vulnerabilities
  • List findings — see all current findings across your workspace
  • Check dependencies — scan your project's dependencies against 130,000+ known CVEs
  • Look up CVEs — query the local CVE database for specific vulnerability details

All of this is available through the MCP interface, giving your AI assistant full access to CodeVigil's triple-check scanning engine.

Setting It Up

Copilot Chat (No Change)

If you're already using Copilot Chat, nothing changes. The @codevigil participant works exactly as before.

Cursor

Add this to your .cursor/mcp.json:

{
  "mcpServers": {
    "codevigil": {
      "command": "codevigil",
      "args": ["mcp", "--stdio"]
    }
  }
}

Then ask Cursor to scan your code for security issues and it will use CodeVigil's tools automatically.

Claude Code

Add this to your .claude/settings.json:

{
  "mcpServers": {
    "codevigil": {
      "command": "codevigil",
      "args": ["mcp", "--stdio"]
    }
  }
}

Windsurf

Add the same config block to your Windsurf MCP settings. The server configuration is identical across all assistants.
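An added example, not part of CodeVigil or the original post: because the same block goes into every assistant's config, and an MCP client launches whatever command that block names, the script below checks a config file's JSON against the entry shown above and reports any changed field or additional server. The function name, the allowlist approach and the sample inputs are assumptions constructed for illustration.

```python
import json

# Expected entry, copied from the config blocks in this post.
EXPECTED = {"codevigil": {"command": "codevigil", "args": ["mcp", "--stdio"]}}

def audit_mcp_config(text, allowed=EXPECTED):
    """Return findings (strings) for one MCP client config given as JSON text."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    servers = cfg.get("mcpServers") if isinstance(cfg, dict) else None
    if not isinstance(servers, dict):
        return ["no mcpServers object found"]
    findings = []
    for name, entry in servers.items():
        if name not in allowed:
            findings.append(f"{name}: server not on the allowlist")
            continue
        if not isinstance(entry, dict):
            findings.append(f"{name}: entry is not an object")
            continue
        want = allowed[name]
        # Compare the fields that decide which process the assistant starts.
        for key in ("command", "args"):
            if entry.get(key) != want[key]:
                findings.append(f"{name}: {key} is {entry.get(key)!r}, expected {want[key]!r}")
        extra = sorted(set(entry) - set(want))
        if extra:
            findings.append(f"{name}: keys outside the reviewed entry: {extra}")
    findings += [f"{n}: expected server is missing" for n in allowed if n not in servers]
    return findings

# Constructed sample inputs (not taken from a real workspace).
GOOD = '{"mcpServers": {"codevigil": {"command": "codevigil", "args": ["mcp", "--stdio"]}}}'
DRIFTED = json.dumps({"mcpServers": {
    "codevigil": {"command": "./codevigil", "args": ["mcp", "--stdio"], "env": {"X": "1"}},
    "helper": {"command": "sh", "args": ["-c", "true"]},
}})

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("drifted", DRIFTED)):
        print(label, audit_mcp_config(text) or "OK")
```

Pass it the contents of .cursor/mcp.json or .claude/settings.json; an empty list means the file contains only the entry from this post.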

Why MCP?

We chose MCP because it's an open standard. We don't have to maintain separate plugins for each assistant, and you don't have to wait for us to support your preferred tool. If your AI assistant supports MCP, it works with CodeVigil today.

This also means that as new AI assistants launch with MCP support, they'll work with CodeVigil out of the box. No update needed on our end.

The MCP Server is Open Source

The MCP server code is part of the CodeVigil repository on GitHub. If you want to see how it works, extend it, or report an issue, you can do that directly.

What's Next

We're working on expanding the MCP server's capabilities. Planned additions include workspace-wide scanning, finding trend analysis, and the ability to create and manage baselines through your AI assistant. If you have ideas for what you'd like your AI assistant to do with CodeVigil, let us know on GitHub.

For full setup instructions and example prompts, see the MCP Integration docs.