Summary
The MCP server currently lacks tools to interact with GitHub's security features. Adding support for the Security APIs would enable AI agents to help users identify, triage, and remediate security vulnerabilities in their repositories.
Use Case
When a user asks an AI agent to "fix the issues in the security tab" of a repository, the agent currently cannot:
- List security alerts - No way to retrieve Dependabot alerts, Code Scanning alerts, or Secret Scanning alerts
- View alert details - Cannot get specifics about a vulnerability (CVE, severity, affected package/file, remediation guidance)
- Dismiss or resolve alerts - Cannot mark alerts as fixed, dismissed, or false positives
- Update vulnerable dependencies - While file editing is possible, understanding what needs to change requires alert data
Requested Tools
Dependabot Alerts
- `list_dependabot_alerts` - List Dependabot alerts for a repository
- `get_dependabot_alert` - Get details of a specific Dependabot alert
- `update_dependabot_alert` - Dismiss or reopen a Dependabot alert
Code Scanning (CodeQL)
- `list_code_scanning_alerts` - List code scanning alerts for a repository
- `get_code_scanning_alert` - Get details of a specific code scanning alert
- `update_code_scanning_alert` - Dismiss or reopen a code scanning alert
Secret Scanning
- `list_secret_scanning_alerts` - List secret scanning alerts for a repository
- `get_secret_scanning_alert` - Get details of a specific secret scanning alert
- `update_secret_scanning_alert` - Update the state of a secret scanning alert (resolve, reopen, etc.)
API References
Impact
These tools would enable AI agents to:
- Automatically identify and fix vulnerable dependencies by updating Gemfile, package.json, etc.
- Review and help remediate code scanning findings
- Assist with secret rotation workflows when credentials are exposed
- Provide security posture summaries for repositories
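As an added illustration of the triage and posture-summary work a `list_dependabot_alerts` tool would feed, here is a small Go program (not code from this issue or from the github-mcp-server project) that takes the JSON array shape returned by the GitHub REST "List Dependabot alerts for a repository" endpoint, keeps only open alerts, orders them by severity, and derives one remediation line per alert from `first_patched_version`. The struct field names are assumed to match the documented API schema; the payload, package names, versions and advisory ids are constructed placeholders, and no network call is made.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// DependabotAlert models the subset of the Dependabot alerts REST response
// that a triage step needs (field names assumed from the API schema; other
// fields in the payload are ignored by encoding/json).
type DependabotAlert struct {
	Number     int    `json:"number"`
	State      string `json:"state"` // open, fixed, dismissed, auto_dismissed
	Dependency struct {
		Package struct {
			Ecosystem string `json:"ecosystem"`
			Name      string `json:"name"`
		} `json:"package"`
		ManifestPath string `json:"manifest_path"`
	} `json:"dependency"`
	SecurityAdvisory struct {
		GHSAID   string `json:"ghsa_id"`
		CVEID    string `json:"cve_id"`   // may be null in the API; stays ""
		Severity string `json:"severity"` // low, medium, high, critical
	} `json:"security_advisory"`
	SecurityVulnerability struct {
		VulnerableVersionRange string `json:"vulnerable_version_range"`
		FirstPatchedVersion    *struct {
			Identifier string `json:"identifier"`
		} `json:"first_patched_version"` // null when no fix has been released
	} `json:"security_vulnerability"`
}

// Remediation is one actionable line derived from an open alert.
type Remediation struct {
	Number                                  int
	Severity, Package, ManifestPath, Advice string
}

// PostureSummary counts open alerts per severity for a repository.
type PostureSummary struct {
	Open       int
	BySeverity map[string]int
}

// severityRank orders alerts so the most urgent come first; an unknown or
// missing severity deliberately sorts last rather than first.
func severityRank(s string) int {
	switch s {
	case "critical":
		return 0
	case "high":
		return 1
	case "medium":
		return 2
	case "low":
		return 3
	}
	return 4
}

// Triage parses the alerts payload, drops anything that is not open, sorts
// the rest by severity and attaches an upgrade hint where a patch exists.
func Triage(payload []byte) (PostureSummary, []Remediation, error) {
	var alerts []DependabotAlert
	if err := json.Unmarshal(payload, &alerts); err != nil {
		return PostureSummary{}, nil, fmt.Errorf("parsing alerts: %w", err)
	}
	summary := PostureSummary{BySeverity: map[string]int{}}
	var open []DependabotAlert
	for _, a := range alerts {
		if a.State != "open" {
			continue // fixed/dismissed alerts need no action
		}
		open = append(open, a)
		summary.Open++
		summary.BySeverity[a.SecurityAdvisory.Severity]++
	}
	sort.SliceStable(open, func(i, j int) bool {
		return severityRank(open[i].SecurityAdvisory.Severity) < severityRank(open[j].SecurityAdvisory.Severity)
	})
	var rems []Remediation
	for _, a := range open {
		advice := "no patched version published; consider replacing the dependency"
		if fp := a.SecurityVulnerability.FirstPatchedVersion; fp != nil && fp.Identifier != "" {
			advice = fmt.Sprintf("upgrade %s to >= %s", a.Dependency.Package.Name, fp.Identifier)
		}
		rems = append(rems, Remediation{
			Number: a.Number, Severity: a.SecurityAdvisory.Severity,
			Package: a.Dependency.Package.Name, ManifestPath: a.Dependency.ManifestPath, Advice: advice,
		})
	}
	return summary, rems, nil
}

// SamplePayload is a constructed stand-in for the endpoint's JSON array;
// every name, version and advisory id in it is a placeholder.
const SamplePayload = `[
  {"number": 3, "state": "open",
   "dependency": {"package": {"ecosystem": "npm", "name": "example-parser"}, "manifest_path": "package.json"},
   "security_advisory": {"ghsa_id": "GHSA-PLACEHOLDER-1", "cve_id": null, "severity": "medium"},
   "security_vulnerability": {"vulnerable_version_range": "<= 2.0.0", "first_patched_version": null}},
  {"number": 7, "state": "open",
   "dependency": {"package": {"ecosystem": "rubygems", "name": "example-gem"}, "manifest_path": "Gemfile.lock"},
   "security_advisory": {"ghsa_id": "GHSA-PLACEHOLDER-2", "cve_id": "CVE-PLACEHOLDER", "severity": "critical"},
   "security_vulnerability": {"vulnerable_version_range": "< 1.4.2", "first_patched_version": {"identifier": "1.4.2"}}},
  {"number": 9, "state": "fixed",
   "dependency": {"package": {"ecosystem": "pip", "name": "example-client"}, "manifest_path": "requirements.txt"},
   "security_advisory": {"ghsa_id": "GHSA-PLACEHOLDER-3", "cve_id": "CVE-PLACEHOLDER", "severity": "high"},
   "security_vulnerability": {"vulnerable_version_range": "< 0.9.0", "first_patched_version": {"identifier": "0.9.0"}}}
]`

func main() {
	summary, rems, err := Triage([]byte(SamplePayload))
	if err != nil {
		panic(err)
	}
	fmt.Printf("open alerts: %d %v\n", summary.Open, summary.BySeverity)
	for _, r := range rems {
		fmt.Printf("#%d [%s] %s (%s): %s\n", r.Number, r.Severity, r.Package, r.ManifestPath, r.Advice)
	}
}
```

The point of keeping the remediation hint tied to `first_patched_version` is that an agent editing `Gemfile` or `package.json` should only pin a version the advisory actually marks as patched; when that field is null the correct action is a review, not a guessed bump.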
Thank you for considering this enhancement!