fix: add insecure_ignore for MCP servers requiring credentials

JAORMX · claude · JAORMX · commit d1181fa17bd6 · 2026-01-19T16:02:37.000+02:00
These servers require API keys or external services to start and
cannot be scanned in CI without those credentials:

- agentql-mcp: requires AGENTQL_API_KEY
- mcp-jetbrains: requires running JetBrains IDE
- mcp-neo4j-aura-manager: requires Neo4j Aura credentials
- mcp-server-box: requires Box API credentials
- netbird: requires Netbird management API token
- tavily-mcp: requires TAVILY_API_KEY

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/go/netbird/spec.yaml b/go/netbird/spec.yaml
@@ -16,3 +16,8 @@ spec:
 provenance:
   repository_uri: "https://github.com/aantti/mcp-netbird?tab=readme-ov-file"
   repository_ref: "refs/heads/main"
+
+# Security configuration
+security:
+  # Server requires Netbird management API token to start - cannot be scanned in CI
+  insecure_ignore: true
diff --git a/npx/agentql-mcp/spec.yaml b/npx/agentql-mcp/spec.yaml
@@ -16,3 +16,8 @@ spec:
 provenance:
   repository_uri: "https://github.com/tinyfish-io/agentql-mcp"
   repository_ref: "refs/heads/main"
+
+# Security configuration
+security:
+  # Server requires AGENTQL_API_KEY to start - cannot be scanned in CI
+  insecure_ignore: true
diff --git a/npx/mcp-jetbrains/spec.yaml b/npx/mcp-jetbrains/spec.yaml
@@ -16,3 +16,8 @@ spec:
 provenance:
   repository_uri: "https://github.com/JetBrains/mcp-jetbrains"
   repository_ref: "refs/heads/main"
+
+# Security configuration
+security:
+  # Server is a proxy that requires a running JetBrains IDE to connect to - cannot be scanned in CI
+  insecure_ignore: true
diff --git a/npx/tavily-mcp/spec.yaml b/npx/tavily-mcp/spec.yaml
@@ -16,3 +16,8 @@ spec:
 provenance:
   repository_uri: "https://github.com/tavily-ai/tavily-mcp"
   repository_ref: "refs/heads/main"
+
+# Security configuration
+security:
+  # Server requires TAVILY_API_KEY to start - cannot be scanned in CI
+  insecure_ignore: true
diff --git a/uvx/mcp-neo4j-aura-manager/spec.yaml b/uvx/mcp-neo4j-aura-manager/spec.yaml
@@ -16,3 +16,8 @@ spec:
 provenance:
   repository_uri: "https://github.com/neo4j-contrib/mcp-neo4j"
   repository_ref: "refs/tags/mcp-neo4j-aura-manager-v0.3.0"
+
+# Security configuration
+security:
+  # Server requires Neo4j Aura API credentials to start - cannot be scanned in CI
+  insecure_ignore: true
diff --git a/uvx/mcp-server-box/spec.yaml b/uvx/mcp-server-box/spec.yaml
@@ -16,3 +16,8 @@ spec:
 provenance:
   repository_uri: "https://github.com/box-community/mcp-server-box"
   repository_ref: "refs/heads/main"  # Using main branch as the primary development branch
+
+# Security configuration
+security:
+  # Server requires Box API credentials to start - cannot be scanned in CI
+  insecure_ignore: true
