OWASP Cheatsheets MCP Server
A minimal Model Context Protocol server that provides access to OWASP security cheat sheets through a simple HTTP API, enabling users to list, retrieve, and search security best practices.
README Documentation
OWASP Cheat Sheet MCP Server
A minimal Model Context Protocol (MCP) compatible server providing the OWASP Cheat Sheets.
The server uses FastAPI to expose a simple HTTP API that returns the contents of the cheat sheets from the OWASP Cheat Sheet Series.
Prerequisites
- Python 3.8 or newer
- Git (for cloning the cheat sheet repository on first run)
Usage
- Install requirements:
pip install -r requirements.txt - (Optional) Set
CHEATSHEETS_DIRif you already have a local copy of the cheat sheets:export CHEATSHEETS_DIR=/path/to/CheatSheetSeries/cheatsheets - Run the server with
uvicorn:uvicorn server.app:app --reload - If
CHEATSHEETS_DIRis not set the server will clone the cheat sheet repository on first start (requires network access).
Endpoints
GET /health– Basic health check.GET /cheatsheets– List available cheat sheet files.GET /cheatsheets/{name}– Retrieve a specific cheat sheet.GET /search?q=term– Search cheat sheets for a term and return matching file names.
Running in production
Use uvicorn with explicit host and port when deploying:
uvicorn server.app:app --host 0.0.0.0 --port 8000
For a real deployment consider a process manager such as systemd or running behind a reverse proxy.
Contributing
Pull requests are welcome. Tests can be added under a tests/ directory using pytest.
This implementation is a simplified example of an MCP server and may not cover the entire specification.