# MCP Setup

The Nullify CLI includes a built-in MCP server that gives AI coding assistants access to your security findings, triage tools, and more.

## Prerequisites

* [Install the Nullify CLI](/cli/install.md)
* [Authenticate with your Nullify instance](/cli/install/authentication.md)

## Claude Code

Add Nullify as an MCP server:

```bash
claude mcp add nullify -- nullify mcp serve
```

The Nullify tools will be automatically available in your Claude Code sessions.

## Cursor

Add to your project's `.cursor/mcp.json`:

```json
{
  "mcpServers": {
    "nullify": {
      "command": "nullify",
      "args": ["mcp", "serve"]
    }
  }
}
```

## Codex

Add to your Codex MCP configuration:

```json
{
  "mcpServers": {
    "nullify": {
      "command": "nullify",
      "args": ["mcp", "serve"]
    }
  }
}
```

## Available Tools

The MCP server provides the following tools:

### SAST (Static Application Security Testing)

* `list_sast_findings` - List SAST findings with filters (severity, status, repository)
* `get_sast_finding` - Get details of a specific SAST finding
* `triage_sast_finding` - Update the triage status of a SAST finding

### SCA (Software Composition Analysis)

* `list_sca_dependency_findings` - List dependency vulnerability findings
* `get_sca_dependency_finding` - Get details of a specific dependency finding
* `list_sca_container_findings` - List container vulnerability findings
* `get_sca_container_finding` - Get details of a specific container finding

### Secrets

* `list_secrets_findings` - List detected secret findings
* `get_secrets_finding` - Get details of a specific secret finding

### DAST (Dynamic Application Security Testing)

* `list_dast_findings` - List DAST findings
* `get_dast_finding` - Get details of a specific DAST finding

### CSPM (Cloud Security Posture Management)

* `list_cspm_findings` - List cloud security findings
* `get_cspm_finding` - Get details of a specific cloud finding

### Admin

* `list_repositories` - List repositories monitored by Nullify
* `get_repository` - Get details of a specific repository

### Classifier

* `list_assets` - List discovered assets
* `get_asset` - Get details of a specific asset

## Verifying the Connection

After configuring your AI assistant, you can verify the connection by asking:

> "List my critical SAST findings"

The assistant should use the `list_sast_findings` tool and return results from your Nullify instance.

## Troubleshooting

### "Not authenticated" error

Run `nullify auth status` to check your login status. If not authenticated, run `nullify auth login`.

### Tools not appearing

Ensure the `nullify` binary is in your PATH. Run `which nullify` to verify.

### Connection issues

Check that your host is correctly configured with `nullify auth config`.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nullify.ai/cli/install/mcp-setup.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.