Skip to content

Commit db56b13

Browse files
omerr-cycodeomerr-cycode
authored
CM-64439 updated READ for MCP with certificates (#457)
1 parent e0e5281 commit db56b13

1 file changed

Lines changed: 35 additions & 0 deletions

File tree

README.md

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@ This guide walks you through both installation and usage.
2121
2. [Available Options](#available-options)
2222
3. [MCP Tools](#mcp-tools)
2323
4. [Usage Examples](#usage-examples)
24+
5. [Advanced Configuration](#advanced-configuration)
2425
5. [Platform Command](#platform-command-beta)
2526
1. [Discovering Commands](#discovering-commands)
2627
2. [Examples](#platform-examples)
@@ -559,6 +560,38 @@ cycode mcp -t streamable-http -H 127.0.0.2 -p 9000 &
559560
}
560561
```
561562

563+
### Advanced Configuration
564+
##### Custom Certificates and Timeouts (Proxy Environments)
565+
566+
If your organization uses a corporate proxy or a custom CA bundle for HTTPS inspection, you need to tell Cycode CLI (and the underlying Python TLS stack) where to find the trusted certificate bundle. You can also increase the MCP tool call timeout if scans are being cut short.
567+
568+
| Environment Variable | Description |
569+
|----------------------|-------------|
570+
| `REQUESTS_CA_BUNDLE` | Path to a custom CA bundle file (`.pem` or `.crt`). Used by the `requests` library for all HTTPS calls made by Cycode CLI. |
571+
| `SSL_CERT_FILE` | Path to a custom CA bundle file. Used by Python's low-level `ssl` module. Set this alongside `REQUESTS_CA_BUNDLE` for full coverage. |
572+
| `MCP_TOOL_TIMEOUT` | Timeout (in seconds) that MCP clients such as Claude and GitHub Copilot wait for a tool call to complete. Increase this if long-running scans are being cut off before they finish. |
573+
574+
> [!TIP]
575+
> Set both `REQUESTS_CA_BUNDLE` and `SSL_CERT_FILE` to the same CA bundle path. `REQUESTS_CA_BUNDLE` covers the HTTP layer; `SSL_CERT_FILE` covers the lower-level TLS layer. Using only one may still cause certificate errors in some environments.
576+
577+
Example `mcp.json` configuration with custom certificates and a longer timeout:
578+
579+
```json
580+
{
581+
"mcpServers": {
582+
"cycode": {
583+
"command": "cycode",
584+
"args": ["mcp"],
585+
"env": {
586+
"REQUESTS_CA_BUNDLE": "/path/to/your/corporate-ca-bundle.pem",
587+
"SSL_CERT_FILE": "/path/to/your/corporate-ca-bundle.pem",
588+
"MCP_TOOL_TIMEOUT": "1800"
589+
}
590+
}
591+
}
592+
}
593+
```
594+
562595
> [!NOTE]
563596
> The MCP server requires proper Cycode CLI authentication to function. Make sure you have authenticated using `cycode auth` or configured your credentials before starting the MCP server.
564597
@@ -608,6 +641,8 @@ This information can be helpful when:
608641
- Identifying authentication problems
609642
- Debugging transport-specific issues
610643
644+
### MCP Configuration
645+
611646
612647
# Platform Command \[BETA\]
613648

0 commit comments

Comments
 (0)