risken

The RISKEN MCP Server provides a Model Context Protocol (MCP) interface that connects RISKEN APIs to your favorite MCP clients and tools. It exposes capabilities to view and manage RISKEN findings and alerts, including a get_context operation to retrieve current authentication context, search_finding to find findings with filters (by finding_id, alert_id, data_source, resource_name, score range, status, offset, limit), archive_finding to archive findings with optional notes, and search_alert to filter alerts by status. With these operations you can build automation and tooling to monitor active RISKEN alerts, analyze findings with explanations and remediation steps, and archive resolved items to keep your security posture organized. The server supports OAuth2.1 for third-party authorization, and can be run locally via Docker with environment variables to provide the RISKEN access token and server URL, or accessed remotely by exposing the appropriate endpoint.

To use the local container configuration, connect your MCP client to the RISKEN MCP server by running the Docker command or by configuring your MCP client with the provided mcpServers entry. For example you can query active alerts and findings, then archive items when resolved. If using a remote setup (e.g., Cloud Run or a proxy like mcp-remote), you can point your client to the server URL and provide the RISKEN access token in headers or environment, depending on your client’s capabilities.

Prerequisites:

• Docker installed and running on the host
• A RISKEN Access Token

1. Pull and run the RISKEN MCP Server container locally:

   docker run -it --rm
   -e RISKEN_URL=http://localhost:8098
   -e RISKEN_ACCESS_TOKEN=your_access_token
   -p 8098:8098
   ghcr.io/ca-risken/risken-mcp-server

   Notes:

   • The container expects RISKEN_URL to point to the MCP server endpoint (or where the MCP server will be exposed).
   • RISKEN_ACCESS_TOKEN should be your valid RISKEN access token.
   • The example above maps port 8098; adjust as needed for your environment.

2. Alternative: Use the exact MCP Client configuration snippet provided in the README to connect via your MCP client (Claude Desktop, Cursor) using the docker run invocation in a ready-to-use mcpServers entry.

3. Verify connectivity:

   • Ensure the server is reachable at http://localhost:8098 (or the URL you configured).
   • Use your MCP client to issue a basic /mcp request; you should receive a proper MCP response once authenticated.

Prerequisites recap: have Docker installed and running, and obtain a RISKEN Access Token before starting the server.

Tips and common issues:

• Environment variables: RISKEN_URL should be the public or accessible MCP server URL; RISKEN_ACCESS_TOKEN must be the valid RISKEN API token. Keep tokens secure.
• When using remote clients, some MCP clients require stdio wiring or a proxy (mcp-remote) to connect to stdio-based servers. Follow the README guidance if you’re using Claude Desktop or Cursor with a remote server.
• If you change RISKEN_URL, ensure the client and the server can reach each other; consider network/firewall rules when deploying behind NAT or in cloud environments.
• For OAuth2.1: If you enable third-party authorization, configure MCP_SERVER_URL, AUTHZ_METADATA_ENDPOINT, CLIENT_ID, CLIENT_SECRET, and JWT_SIGNING_KEY in the environment as described in the documentation.
• For debugging: check Docker container logs for any misconfiguration or token/auth errors and verify that RISKEN_URL and RISKEN_ACCESS_TOKEN are correctly passed to the container.
• This server is designed to integrate RISKEN capabilities such as active alert monitoring, finding analysis, and archival operations; tailor your MCP client queries to the supported operations (get_context, search_finding, archive_finding, search_alert).