docs/integrations/vscode

How to connect the Dependency Vulnerability Scanner MCP Tool to VS Code

Audits project dependencies across multiple ecosystems. Checks every package against the OSV database for known CVEs. This guide provides the exact configuration required to load the dependency_audit tool inside VS Code.

Step 1: Open the configuration file

Locate and open your VS Code configuration file at the following path:

macOS / Linux.vscode/mcp.json (workspace) or settings.json

Windows.vscode\mcp.json (workspace) or settings.json

Step 2: Add the server config

Copy and paste the following JSON snippet into the file. Save the file and restart VS Code.

mcp.json

{
  "mcpServers": {
    "agenticstore": {
      "command": "uvx",
      "args": ["agentic-store-mcp", "--tools", "dependency_audit"]
    }
  }
}

Step 3: Try it out

Once restarted, ask VS Code something like this to trigger the tool:

"Check my package.json and requirements.txt for any high severity CVEs."

Explore more

→ View full dependency_audit documentation → See all Client integrations