MCP Integration

Connect CodeVigil to any AI assistant using the built-in MCP server.

What is MCP?

MCP (Model Context Protocol) is an open standard that lets AI assistants communicate with developer tools. CodeVigil ships a built-in MCP server so any MCP-compatible assistant can scan your code, explain findings, suggest fixes, and query the CVE database, all without leaving your preferred AI workflow.

Supported AI Assistants

CodeVigil works with any AI assistant that supports MCP:

  • GitHub Copilot Chat — native integration via the @codevigil chat participant (no MCP config needed)
  • Cursor — connect via MCP settings
  • Claude Code — connect via MCP config
  • Windsurf — connect via MCP settings
  • Any MCP client — any tool implementing the MCP specification can connect

Setting Up MCP

GitHub Copilot Chat

No extra setup is needed. Once CodeVigil is installed, type @codevigil in the Copilot Chat panel to start using it.

Cursor

Add CodeVigil to your Cursor MCP configuration (.cursor/mcp.json in your project or global settings):

{
  "mcpServers": {
    "codevigil": {
      "command": "codevigil",
      "args": ["mcp", "--stdio"]
    }
  }
}

Claude Code

Add CodeVigil to your Claude Code MCP settings (.claude/settings.json or project settings):

{
  "mcpServers": {
    "codevigil": {
      "command": "codevigil",
      "args": ["mcp", "--stdio"]
    }
  }
}

Windsurf

Add CodeVigil to your Windsurf MCP configuration:

{
  "mcpServers": {
    "codevigil": {
      "command": "codevigil",
      "args": ["mcp", "--stdio"]
    }
  }
}

Available MCP Capabilities

The MCP server exposes the following tools:

| Tool | Description |
|------|-------------|
| scan_file | Scan a file for security vulnerabilities |
| explain_finding | Get a detailed explanation of a specific finding |
| suggest_fix | Get a code fix suggestion for a vulnerability |
| list_findings | List all current findings in the workspace |
| check_dependencies | Check project dependencies against the CVE database |
| lookup_cve | Look up a specific CVE by ID |
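
A way to confirm that a connected server exposes exactly the tools listed above, shown as an added example in Python (not CodeVigil's own code): it builds the launch command from the config on this page, frames a tools/list request for MCP's newline-delimited JSON-RPC stdio transport, and diffs the reply against the table. The helper names, the sample reply and the run_shell tool are constructed for illustration; a live session would complete the MCP initialize handshake before sending tools/list.

```python
import json

# Tool names copied from the table on this page.
DOCUMENTED_TOOLS = {
    "scan_file", "explain_finding", "suggest_fix",
    "list_findings", "check_dependencies", "lookup_cve",
}

def launch_argv(config_text, server="codevigil"):
    """Return the argv an MCP client spawns for one mcpServers entry."""
    entry = json.loads(config_text)["mcpServers"][server]
    return [entry["command"], *entry.get("args", [])]

def frame(msg_id, method, params=None):
    """Encode a JSON-RPC 2.0 request as one newline-delimited stdio message."""
    request = {"jsonrpc": "2.0", "id": msg_id, "method": method}
    if params is not None:
        request["params"] = params
    return (json.dumps(request, separators=(",", ":")) + "\n").encode()

def audit_tools(response_line):
    """Diff the tools a server advertises against the documented set."""
    response = json.loads(response_line)
    if response.get("jsonrpc") != "2.0" or "result" not in response:
        raise ValueError("not a successful JSON-RPC 2.0 response")
    advertised = {tool["name"] for tool in response["result"]["tools"]}
    return {
        "missing": sorted(DOCUMENTED_TOOLS - advertised),
        "unexpected": sorted(advertised - DOCUMENTED_TOOLS),
    }

# Constructed sample input: the config shown on this page, and a made-up
# tools/list reply that omits lookup_cve and adds a hypothetical run_shell tool.
SAMPLE_CONFIG = '{"mcpServers": {"codevigil": {"command": "codevigil", "args": ["mcp", "--stdio"]}}}'
SAMPLE_NAMES = ["scan_file", "explain_finding", "suggest_fix",
                "list_findings", "check_dependencies", "run_shell"]
SAMPLE_RESPONSE = json.dumps(
    {"jsonrpc": "2.0", "id": 2, "result": {"tools": [{"name": n} for n in SAMPLE_NAMES]}}
)

if __name__ == "__main__":
    print("spawn:", launch_argv(SAMPLE_CONFIG))
    print("send: ", frame(2, "tools/list"))
    print("audit:", audit_tools(SAMPLE_RESPONSE))
```

A non-empty "unexpected" list means the server offers the assistant a capability the documentation does not describe, which is worth reviewing before the assistant is allowed to call it.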

Example Prompts

These prompts work with any connected AI assistant:

Scanning

  • "Scan this file for security vulnerabilities"
  • "Are there any SQL injection risks in this project?"
  • "Check my dependencies for known CVEs"

Explaining Findings

  • "Explain the SQL injection finding on line 42"
  • "What OWASP category does this vulnerability fall under?"
  • "How serious is this XSS vulnerability?"

Getting Fixes

  • "How do I fix this command injection?"
  • "Suggest a secure alternative for this code"
  • "Rewrite this function to use parameterized queries"

CVE Lookups

  • "Look up CVE-2024-31287"
  • "Are any of my npm dependencies affected by recent CVEs?"
  • "What vulnerabilities affect lodash 4.17.20?"

MCP Server Source

The CodeVigil MCP server is open source. You can find the source code and report issues on our GitHub repository.