What servers are in the DevSecOps Stack?

The DevSecOps Stack includes 6 servers: Docker MCP, GitHub MCP, Semgrep MCP, SonarQube MCP, Trivy MCP, Sentry MCP. Total token usage: 34,130.

Is the DevSecOps Stack good for beginners?

The DevSecOps Stack is rated advanced. It is best suited for developers already familiar with MCP servers, API integrations, and complex toolchain configurations.

How do I install the DevSecOps Stack?

Copy the config for your editor (Claude Code, Cursor, VS Code, Windsurf, Claude Desktop, or Continue) from the config generator above. Replace the YOUR_ placeholders with your actual API keys.

Advanced

DevSecOps Stack

Shift security left by integrating vulnerability scanning, code analysis, and container security directly into your development workflow.

6 servers34.1K tokens17% of context

Token Budget

34.1K used (17.1%)165.9K remaining

GitHub MCP10.3K (5.1%)

Docker MCP7.2K (3.6%)

SonarQube MCP6.5K (3.3%)

Sentry MCP4.1K (2.1%)

Semgrep MCP3.5K (1.8%)

Trivy MCP2.5K (1.3%)

Moderate token usage. You will have good room for prompts but watch if adding more servers.

Config

Paste in ~/.claude.json

json

{
  "mcpServers": {
    "github-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-github"
      ],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "YOUR_GITHUB_PERSONAL_ACCESS_TOKEN"
      }
    },
    "docker-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "docker-mcp"
      ]
    },
    "sonarqube-mcp": {
      "command": "docker",
      "args": [
        "run",
        "--init",
        "--pull=always",
        "-i",
        "--rm",
        "mcp/sonarqube"
      ],
      "env": {
        "SONARQUBE_TOKEN": "YOUR_SONARQUBE_TOKEN",
        "SONARQUBE_URL": "YOUR_SONARQUBE_URL",
        "SONARQUBE_ORG": "YOUR_SONARQUBE_ORG"
      }
    },
    "sentry-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "sentry-mcp"
      ],
      "env": {
        "SENTRY_AUTH_TOKEN": "YOUR_SENTRY_AUTH_TOKEN"
      }
    },
    "semgrep-mcp": {
      "command": "uvx",
      "args": [
        "semgrep-mcp"
      ]
    },
    "trivy-mcp": {
      "command": "trivy",
      "args": [
        "mcp"
      ]
    }
  }
}

Included Servers

Docker MCP

Community

devops

Manage Docker containers, images, volumes, and networks. Run, stop, inspect, and monitor containers from your AI editor.

448161/wk7.2K tokens(4%)1y ago

Build, scan, and manage container images to ensure your deployments start from a secure, reproducible foundation.

GitHub MCP

Anthropic

developer-tools

Access the GitHub API to manage repositories, issues, pull requests, branches, and workflows directly from your AI editor.

79.2k45.9k/wk10.3K tokens(5%)Officialyesterday

Automate security-focused CI/CD pipelines, manage branch protection rules, and enforce code review policies across repositories.

Semgrep MCP

Semgrep

security

Static analysis security scanning with custom rules, AST analysis, and multi-language vulnerability detection. Official Semgrep implementation.

6350/wk3.5K tokens(2%)Official1w ago

Run static analysis to catch security vulnerabilities, anti-patterns, and compliance issues directly in your source code.

SonarQube MCP

SonarSource

security

Code quality analysis, security hotspot detection, and vulnerability tracking from SonarQube Cloud or Server. Official SonarSource implementation.

3900/wk6.5K tokens(3%)Official6d ago

Continuously inspect code quality and security hotspots, tracking technical debt and vulnerability trends over time.

Trivy MCP

Aqua Security

security

Container image scanning, filesystem vulnerability detection, and infrastructure misconfiguration analysis. Official Aqua Security implementation.

380/wk2.5K tokens(1%)Official2w ago

Scan containers, filesystems, and dependencies for known CVEs so vulnerabilities are caught before they reach production.

Sentry MCP

Sentry

monitoring

Query Sentry for error tracking, performance monitoring, and issue management directly from your AI editor.

5645/wk4.1K tokens(2%)Official4d ago

Monitor runtime errors and security-related exceptions in production to detect and respond to incidents quickly.

Recommended Skills

Skills that pair with the servers in this stack. Learn more

For Docker MCP

Docker Expertbest-practices

Multi-stage builds, image optimization, container security, Compose orchestration, and production deployment patterns.

npx skillsadd sickn33/antigravity-awesome-skills/docker-expert

Senior DevOps Engineerrole

CI/CD pipelines, infrastructure automation, containerization, and cloud platform expertise. Pairs with Docker MCP for hands-on container management.

For GitHub MCP

GitHub CLI Workflowsworkflow

Use gh CLI for all GitHub operations including stacked PR workflows, issue management, and CI/CD automation.

npx skillsadd callstackincubator/agent-skills/github

Fix CI Failuresworkflow

Debug and fix failing GitHub PR checks in GitHub Actions. Automatically diagnoses CI issues and suggests fixes.

npx skillsadd openai/skills/gh-fix-ci

Address PR Commentsworkflow

Address PR review comments using GitHub CLI. Streamlines the code review response workflow.

npx skillsadd openai/skills/gh-address-comments

Code Reviewerrole

Automated code review for TypeScript, JavaScript, Python, Go. Analyzes PRs for complexity, SOLID violations, and code smells.

For Sentry MCP

Sentry Observabilityworkflow

Read-only observability: list issues, view events, monitor production errors via Sentry API. Includes bundled Python script.

npx skillsadd openai/skills/sentry