You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+40-23Lines changed: 40 additions & 23 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,7 +13,7 @@
13
13
14
14
---
15
15
16
-
Search and query **1,088+ security data points** through a single MCP interface — **418+ OWASP projects**, **345 ASVS requirements**, **111 WSTG test cases**, **113+ Cheat Sheets**, **Top 10 2021**, **API Security Top 10 2023**, **LLM Top 10 2025**, **Proactive Controls 2024**, **MASVS**, and **38 CWE entries**with cross-references and compliance mapping.
16
+
Search and query **1,098+ security data points** through a single MCP interface — **418+ OWASP projects**, **345 ASVS requirements**, **111 WSTG test cases**, **113+ Cheat Sheets**, **Top 10 2021**, **API Security Top 10 2023**, **LLM Top 10 2025**, **MCP Top 10 2025**, **Proactive Controls 2024**, **MASVS**, **38 CWE entries**, and **live NVD/CVE data** — with cross-references, compliance mapping, threat modeling, and MCP security assessment.
17
17
18
18
## Why owasp-mcp?
19
19
@@ -23,12 +23,14 @@ Individual OWASP resources are scattered across dozens of repositories with diff
23
23
- Cross-reference a CWE with Top 10 categories, ASVS requirements, and WSTG test cases
24
24
- Look up any CWE by ID and see all OWASP mappings automatically
25
25
- Map ASVS requirements to PCI-DSS, ISO 27001, and NIST 800-53 for compliance
26
+
- Search live NVD for CVE vulnerabilities by keyword, CWE, or severity
27
+
- Generate STRIDE-based threat models with OWASP mitigations
28
+
- Assess MCP server deployments against the OWASP MCP Top 10
26
29
- Generate security checklists tailored to your project type and depth
27
-
- Assess any tech stack and get relevant OWASP security recommendations
28
30
- Use pre-built prompt templates for guided security reviews and threat analysis
29
31
- Browse all 418+ OWASP projects including Lab and Incubator — not just the Flagship ones
30
32
31
-
No API keys required. All data is fetched from public OWASP GitHub repositories.
33
+
No API keys required for local data. NVD API works without a key (rate-limited) or with an optional `NVD_API_KEY` for higher throughput.
32
34
33
35
## Quick Start
34
36
@@ -106,14 +108,16 @@ docker run --rm -i ghcr.io/zer0-kr/owasp-mcp
0 commit comments