Back
Marketplace/Cycode

TL;DR

Cycode is a Security MCP server that lets Claude Code, Cursor, Windsurf and any MCP-compatible AI agent boost security in dev lifecycle via SAST, SCA, secrets scanning, and supply chain security. Install in 1 minute with mcpizy install cycode.

🔐

Cycode

Verified

Security

Last updated May 30, 2026 · By MCPizy team

Boost security in dev lifecycle via SAST, SCA, secrets scanning, and supply chain security.

Install Cycode

Via MCPizy CLI (recommended):
mcpizy install cycode
Or run directly:
npx -y @cycode/mcp
View on GitHub

Works with

Claude Code
Claude Desktop
Cursor
Windsurf
VS Code + Copilot
Any MCP Client

More Security MCPs

🔒

RAD Security

AI-powered security insights for Kubernetes and cloud workloads. Threat detection.

🔐

1Password

Manage 1Password vaults, items, and secrets from AI agents via the Model Context Protocol.

🛡️

Okta

Manage Okta users, groups, and application assignments for identity from AI agents.

🗝️

HashiCorp Vault

Read and write Vault secrets and manage auth methods for secure secret delivery.

Alternatives to Cycode

If Cycode doesn't fit your stack, these Security MCP servers solve similar problems.

🛡️

Snyk

Security vulnerability scanning

🔍

SonarQube

Seamless integration with SonarQube for code quality analysis, bugs, and security vulnerabilities.

🛡️

Semgrep

Enable AI agents to secure code with Semgrep. Static analysis for finding bugs and security issues.

Key Takeaways

  • Cycode exposes an MCP interface for security workflows in Claude Code, Cursor and Windsurf.
  • No authentication required — works out of the box once installed.
  • Install in 1 command: mcpizy install cycode — config written to your client automatically.
  • Free and open source (GitHub source linked above) — verified compatible with every MCP client (Claude Code, Claude Desktop, Cursor, Windsurf, VS Code + Copilot).
  • Best use case: automate security workflows from your AI agent without leaving the editor.

Frequently asked questions

What is the Cycode MCP server?

The Cycode MCP server is an Security Model Context Protocol server that lets Claude Code, Cursor, Windsurf, VS Code with Copilot, and other MCP-compatible AI agents boost security in dev lifecycle via SAST, SCA, secrets scanning, and supply chain security. It exposes Cycode's capabilities as tools the AI can call directly from your editor or CLI.

How do I install Cycode MCP with Claude Code?

The fastest way is the MCPizy CLI: run `mcpizy install cycode` and MCPizy will add the server to your `.claude.json` automatically. You can also install it manually by adding an entry under `mcpServers` in `.claude.json` with the command `npx -y @cycode/mcp` and restarting Claude Code.

Is Cycode MCP free?

Yes. The Cycode MCP server is free and open source (see the GitHub repository linked on this page). You may still need a Cycode account or API key to connect the server to the underlying service, but the MCP layer itself has no MCPizy subscription cost.

Does Cycode MCP work with Cursor and Windsurf?

Yes. Any MCP-compatible client works — including Claude Code, Claude Desktop, Cursor (via `.cursor/mcp.json`), Windsurf, VS Code with Copilot Chat, and custom agents built on the MCP SDK. The same install command targets all of them; only the config file path differs.

Manage all your MCPs in one place

Monitor usage, track costs, and discover new MCPs.

Get Started Free
What can I do with Cycode MCP?

Once installed, your AI agent can boost security in dev lifecycle via SAST, SCA, secrets scanning, and supply chain security directly inside your conversation. Typical use cases include asking Claude Code or Cursor to run Cycode operations, inspect results, chain Cycode with other MCP servers (see our Workflow Recipes), and automate repetitive security tasks without leaving your editor.