RAD Security

Interact with the RAD Security platform which provides AI-powered security insights for Kubernetes and cloud environments.

GitHub

RAD Security MCP Server

A Model Context Protocol (MCP) server for RAD Security, providing AI-powered security insights for Kubernetes and cloud environments.

RAD Security MCP server

Installation

npm install @rad-security/mcp-server

Usage

Prerequisites

  • Node.js 20.x or higher

Environment Variables

The following environment variables are required to use the MCP server with Rad Security:

RAD_SECURITY_ACCESS_KEY_ID="your_access_key"
RAD_SECURITY_SECRET_KEY="your_secret_key"
RAD_SECURITY_ACCOUNT_ID="your_account_id"

Optional environment variables:

RAD_SECURITY_TENANT_ID="your_tenant_id"  # Optional: If not provided, will be fetched automatically from the account

Optional: Filter Toolkits

You can control which toolkits are exposed by the MCP server using these environment variables:

  • INCLUDE_TOOLKITS: Comma-separated list of toolkits to include (only these will be enabled)
  • EXCLUDE_TOOLKITS: Comma-separated list of toolkits to exclude (all except these will be enabled)

Available toolkits:

  • containers - Container inventory operations
  • clusters - Kubernetes cluster operations
  • identities - Identity management operations
  • audit - Audit log operations
  • cloud_inventory - Cloud resource inventory
  • images - Container image operations
  • kubeobject - Kubernetes resource operations
  • misconfigs - Misconfiguration detection
  • runtime - Runtime analysis operations
  • runtime_network - Network traffic analysis
  • threats - Threat vector operations
  • findings - Security findings operations
  • cves - CVE database operations
  • inbox - Inbox item operations
  • workflows - Workflow execution operations
  • knowledge_base - Knowledge base search operations
  • radql - Query interface for rad data platform

Examples:

# Only enable workflow toolkit
INCLUDE_TOOLKITS="workflows"

# Enable only containers and images toolkits
INCLUDE_TOOLKITS="containers,images"

# Exclude workflow toolkit (enable all others)
EXCLUDE_TOOLKITS="workflows"

# Exclude runtime and threat toolkits
EXCLUDE_TOOLKITS="runtime,threats"

Note: If INCLUDE_TOOLKITS is set, EXCLUDE_TOOLKITS is ignored.

Operations Without Authentication

You can also use few operations without authentication:

  • List CVEs
  • Get details of a specific CVE
  • Get latest 30 CVEs
  • List Kubernetes resource misconfiguration policies

In cursor IDE

It's quite problematic to set ENV variables in cursor IDE.

So, you can use the following start.sh script to start the server.

./start.sh

Please set the ENV variables in the start.sh script first!

In Claude Desktop

You can use the following config to start the server in Claude Desktop.

{
  "mcpServers": {
    "rad-security": {
      "command": "npx",
      "args": ["-y", "@rad-security/mcp-server"],
      "env": {
        "RAD_SECURITY_ACCESS_KEY_ID": "<your-access-key-id>",
        "RAD_SECURITY_SECRET_KEY": "<your-secret-key>",
        "RAD_SECURITY_ACCOUNT_ID": "<your-account-id>"
      }
    }
  }
}

To filter toolkits, add INCLUDE_TOOLKITS or EXCLUDE_TOOLKITS to the env:

{
  "mcpServers": {
    "rad-security": {
      "command": "npx",
      "args": ["-y", "@rad-security/mcp-server"],
      "env": {
        "RAD_SECURITY_ACCESS_KEY_ID": "<your-access-key-id>",
        "RAD_SECURITY_SECRET_KEY": "<your-secret-key>",
        "RAD_SECURITY_ACCOUNT_ID": "<your-account-id>",
        "EXCLUDE_TOOLKITS": "workflows"
      }
    }
  }

As a Docker Container - with Streamable HTTP

docker build -t rad-security/mcp-server .
docker run \
  -e TRANSPORT_TYPE=streamable \
  -e RAD_SECURITY_ACCESS_KEY_ID=your_access_key \
  -e RAD_SECURITY_SECRET_KEY=your_secret_key \
  -e RAD_SECURITY_ACCOUNT_ID=your_account_id \
  -p 3000:3000 \
  rad-security/mcp-server

With toolkit filters:

docker run \
  -e TRANSPORT_TYPE=streamable \
  -e RAD_SECURITY_ACCESS_KEY_ID=your_access_key \
  -e RAD_SECURITY_SECRET_KEY=your_secret_key \
  -e RAD_SECURITY_ACCOUNT_ID=your_account_id \
  -e INCLUDE_TOOLKITS=workflows,containers \
  -p 3000:3000 \
  rad-security/mcp-server

As a Docker Container - with SSE (deprecated)

Note: The SSE transport is now deprecated in favor of Streamable HTTP. It's still supported for backward compatibility, but it's recommended to use Streamable HTTP instead.

docker build -t rad-security/mcp-server .
docker run \
  -e TRANSPORT_TYPE=sse \
  -e RAD_SECURITY_ACCESS_KEY_ID=your_access_key \
  -e RAD_SECURITY_SECRET_KEY=your_secret_key \
  -e RAD_SECURITY_ACCOUNT_ID=your_account_id \
  -p 3000:3000 \
  rad-security/mcp-server

Features

  • Account Inventory

    • List clusters and their details*

  • Containers Inventory

    • List containers and their details*

  • Security Findings

    • List and analyze security findings*

  • Runtime Security

    • Get process trees of running containers*
    • Get runtime baselines of running containers*
    • Analyze process behavior of running containers*

  • Network Security

    • Monitor HTTP requests*
    • Track network connections*
    • Analyze network patterns*

  • Identity and Access

    • List identities*
    • Get identity details*

  • Audit

    • List who shelled into a pod*

  • Cloud Security

    • List and monitor cloud resources*
    • Get resource details and compliance status*

  • Images

    • Get SBOMs*
    • List images and their vulnerabilities*
    • Get top vulnerable images*

  • Kubernetes Objects

    • Get details of a specific Kubernetes resource*
    • List Kubernetes resources*
    • List Kubernetes resource misconfiguration policies*

  • Threat Vector

    • List threat vectors*
    • Get details of a specific threat vector*

  • CVEs

    • List CVEs
    • Get details of a specific CVE
    • Get latest 30 CVEs

  • RadQL (Advanced Querying)

    • List available data types for querying (containers, findings, kubernetes_resources, etc.)*
    • Get schema/metadata for specific data types*
    • List possible values for filter fields*
    • Execute RadQL queries with filtering, searching, and aggregations*
    • Build queries programmatically from structured conditions*
    • Execute multiple queries in parallel*

* - requires authentication and account in Rad Security.

Development

# Install dependencies
npm install

# Run type checking
npm run type-check

# Run linter
npm run lint

# Build
npm run build

License

MIT License - see the LICENSE file for details

Server Terkait