stackrox-mcp/examples/config-read-only.yaml at main · stackrox/stackrox-mcp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# StackRox MCP Server Configuration
#
# This is an example configuration file for the StackRox MCP server.
# Copy this file and modify it according to your environment.
#
# Environment Variable Mapping:
# All configuration options can be overridden using environment variables.
# Environment variables take precedence over YAML configuration.
#
# Naming convention: STACKROX_MCP__SECTION__KEY
# Example:
#   central:
#     url: central.stackrox:443
#
# Can be overridden with:
#   STACKROX_MCP__CENTRAL__URL=central.stackrox:443

# Central connection configuration
central:
  # Central URL (required, default: central.stackrox:443)
  # The URL of your StackRox Central instance
  url: central.stackrox:443

  # Authentication type (optional, default: passthrough)
  # Options: "passthrough" or "static"
  # - passthrough: Use the API token from the MCP client request headers
  # - static: Use a statically configured API token (specified in api_token field)
  auth_type: passthrough

  # API token for static authentication (required only when auth_type is "static")
  # Must not be set when auth_type is "passthrough"
  # api_token: your-stackrox-api-token-here

  # Skip TLS certificate verification (optional, default: false)
  # Set to true to disable TLS certificate validation
  # Warning: Only use this for testing or in trusted environments
  insecure_skip_tls_verify: false

  # Force HTTP1 bridge via gRPC-Web/WebSockets (optional, default: false)
  # Enable only when Central is reachable through an HTTP/1-only proxy/load balancer
  force_http1: false

  # Request timeout (optional, default: 30s)
  # Maximum time to wait for a single request to complete
  request_timeout: 30s

  # Maximum number of retry attempts (optional, default: 3)
  # Must be between 0 and 10
  max_retries: 3

  # Initial backoff duration for retries (optional, default: 1s)
  # Must be positive
  initial_backoff: 1s

  # Maximum backoff duration for retries (optional, default: 10s)
  # Must be positive and >= initial_backoff
  max_backoff: 10s

# Global MCP server configuration
global:
  # Allow only read-only MCP tools (optional, default: true)
  # When true, only tools that perform read operations are available
  # When false, both read and write tools may be available (if implemented)
  read_only_tools: true

# HTTP server configuration
server:
  # Server listen address (optional, default: 0.0.0.0)
  # The address on which the MCP HTTP server will listen
  address: 0.0.0.0

  # Server listen port (optional, default: 8080)
  # The port on which the MCP HTTP server will listen
  # Must be between 1 and 65535
  port: 8080

# Configuration of MCP tools
# Each tool has an enable/disable flag. At least one tool has to be enabled.
tools:
  # Vulnerability management tools
  vulnerability:
    # Enable vulnerability management tools (optional, default: false)
    enabled: true

  # Configuration management tools
  config_manager:
    # Enable configuration management tools (optional, default: false)
    enabled: true