BLT-MCP is a Model Context Protocol server for OWASP BLT.
It provides a clean interface for MCP clients that need to read BLT data, run authenticated actions, and reuse security-focused prompt templates.
The server currently includes:
- MCP resources for issues, contributors, projects, hunts, rewards, leaderboard, and stats
- MCP tools for read operations and authenticated write operations
- MCP prompts for triage, remediation planning, contribution review, and reporting
- two transports:
  - `stdio` for desktop MCP clients
  - `http` (HTTP/SSE) for service and web integrations

```bash
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
pip install -r requirements-dev.txt
pytest -q
```

Run in stdio mode:

```bash
python -m blt_mcp
```

Run in HTTP mode:

```bash
MCP_TRANSPORT=http python -m blt_mcp
```

Required:
- `BLT_API_KEY`

Common optional settings:
- `MCP_API_KEYS`
- `BLT_BASE_URL` (default: `https://www.bugheist.com`)
- `MCP_TRANSPORT` (`stdio` or `http`)
- `MCP_HOST` (default: `0.0.0.0`)
- `MCP_PORT` (default: `8080`)
- `LOG_LEVEL` (default: `INFO`)
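
A preflight check over the settings listed above, added here as an example and not part of the BLT-MCP code base. It assumes `MCP_API_KEYS` is a comma-separated list of client keys for the HTTP transport, that `stdio` is the default transport, and that `BLT_API_KEY` is sent to `BLT_BASE_URL`; `preflight` and `is_loopback` are hypothetical names.

```python
import ipaddress
import os
import sys

# Defaults from the settings list above; the stdio default is inferred from the run commands.
DEFAULTS = {"BLT_BASE_URL": "https://www.bugheist.com", "MCP_TRANSPORT": "stdio",
            "MCP_HOST": "0.0.0.0"}


def is_loopback(host):
    """True for localhost or a loopback IP literal; any other name counts as exposed."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def preflight(env):
    """Return (severity, message) findings for a BLT-MCP environment mapping."""
    cfg = {**DEFAULTS, **{k: v for k, v in env.items() if v}}
    findings = []
    if not cfg.get("BLT_API_KEY"):
        findings.append(("error", "BLT_API_KEY is required but not set"))
    if not cfg["BLT_BASE_URL"].startswith("https://"):
        # Assumption: the BLT key is sent to this URL, so plain HTTP would expose it.
        findings.append(("warn", "BLT_BASE_URL is not https"))
    transport = cfg["MCP_TRANSPORT"]
    if transport not in ("stdio", "http"):
        findings.append(("error", f"MCP_TRANSPORT must be stdio or http, got {transport!r}"))
    if transport == "http":
        # Assumption: MCP_API_KEYS is a comma-separated list of client keys.
        keys = [k.strip() for k in cfg.get("MCP_API_KEYS", "").split(",") if k.strip()]
        exposed = not is_loopback(cfg["MCP_HOST"])
        if exposed and not keys:
            findings.append(("error", f"http on {cfg['MCP_HOST']} with no MCP_API_KEYS"))
        elif exposed:
            findings.append(("warn", f"http listens on {cfg['MCP_HOST']}; restrict by firewall or proxy"))
        if cfg.get("BLT_API_KEY") in keys:
            findings.append(("error", "MCP_API_KEYS reuses BLT_API_KEY"))
    return findings


if __name__ == "__main__":
    results = preflight(dict(os.environ))
    for severity, message in results:
        print(f"{severity}: {message}")
    sys.exit(1 if any(s == "error" for s, _ in results) else 0)
```

Run it in the same shell that will start the server; a non-zero exit status means at least one `error` finding.
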

- `ARCHITECTURE.md`: design choices and module boundaries
- `DEPLOYMENT.md`: deployment runbook
- `INTEGRATIONS.md`: BLT ecosystem mapping
- `MCP_Production_Readiness_Report.md`: readiness assessment and timeline

This is a production-minded prototype: complete enough for technical review and realistic integration testing, with a clear hardening path for strict production use.
- OWASP BLT org: https://github.com/OWASP-BLT
- BLT repository: https://github.com/OWASP-BLT/BLT
- BLT platform: https://www.bugheist.com
- MCP docs: https://modelcontextprotocol.io/docs
- MCP Python SDK: https://github.com/modelcontextprotocol/python-sdk