MCP Integration
ByteHide Radar is available as an MCP (Model Context Protocol) server, allowing AI coding agents like Claude, Cursor, and VS Code Copilot to scan your code for vulnerabilities, audit dependencies, and detect hardcoded secrets — all directly from your AI workflow.
What Is MCP
The Model Context Protocol (MCP) is an open standard that lets AI assistants connect to external tools and data sources. Instead of copying and pasting code into a security scanner, the AI agent calls ByteHide Radar directly and gets results in real time as part of the conversation.
With the ByteHide MCP integration, your AI assistant becomes a security-aware coding partner that can:
- Scan code for vulnerabilities (SAST) and hardcoded secrets as you write it
- Check dependencies before you install them to catch known CVEs
- Audit manifest files (package.json, requirements.txt, go.mod, etc.) for vulnerable packages
- Review AI configurations for prompt injection risks, credential exposure, and overpermissioning
- List and manage your ByteHide projects directly from the AI conversation
Available Tools
The ByteHide MCP server exposes five security tools:
| Tool | Description | Calls ByteHide API |
|---|---|---|
scan_code | Scan source code for vulnerabilities and hardcoded secrets (SAST + Secrets) | Yes |
check_dependency | Check if a specific package is safe before installing it (SCA) | Yes |
scan_dependencies | Audit all dependencies in a manifest file for known CVEs (SCA) | Yes |
list_projects | List all ByteHide projects in your organization | Yes |
audit_ai_environment | Scan AI config files for security risks (prompt injection, credential exposure) | No — runs 100% locally |
Local-Only Audit
The audit_ai_environment tool runs entirely on your machine. It never sends your configuration files (.env, .claude.md, .mcp.json, etc.) to ByteHide servers. All analysis happens locally within the AI agent.
Supported Languages & Ecosystems
Code Scanning (SAST + Secrets)
JavaScript, TypeScript, Python, Java, C#, PHP, Go, Rust, Swift, Kotlin, Objective-C, and Ruby.
Dependency Scanning (SCA)
| Ecosystem | Manifest File |
|---|---|
| npm | package.json |
| PyPI | requirements.txt, Pipfile |
| Maven | pom.xml |
| NuGet | *.csproj |
| Go | go.mod |
| RubyGems | Gemfile |
| Cargo | Cargo.toml |
| Packagist | composer.json |
How It Works
- Connect your AI agent to the ByteHide MCP server (one-time setup)
- Authenticate via OAuth — a browser window opens to log in to your ByteHide account
- Use it — ask your AI assistant to scan code, check a package, or audit dependencies. The agent calls the right tool automatically
Projects are created automatically in your ByteHide dashboard when you scan for the first time. All findings sync to the Radar cloud panel so you can track them alongside your regular scans.
Next Steps
Setup & Connection
Step-by-step guide to connect ByteHide MCP to Claude, Cursor, VS Code, and other AI agents.
Tool Reference
Detailed documentation for each MCP tool: parameters, examples, and supported options.
API Reference
REST API reference for programmatic integration beyond AI agents.