docs/integrations/windsurf

How to connect the Dependency Vulnerability Scanner MCP Tool to Windsurf

Audits project dependencies across multiple ecosystems. Checks every package against the OSV database for known CVEs. This guide provides the exact configuration required to load the dependency_audit tool inside Windsurf.

Step 1: Open the configuration file

Locate and open your Windsurf configuration file at the following path:

macOS / Linux~/.codeium/windsurf/mcp_config.json

Windows%USERPROFILE%\.codeium\windsurf\mcp_config.json

Step 2: Add the server config

Copy and paste the following JSON snippet into the file. Save the file and restart Windsurf.

mcp_config.json

{
  "mcpServers": {
    "agenticstore": {
      "command": "uvx",
      "args": ["agentic-store-mcp", "--tools", "dependency_audit"]
    }
  }
}

Step 3: Try it out

Once restarted, ask Windsurf something like this to trigger the tool:

"Check my package.json and requirements.txt for any high severity CVEs."

Explore more

→ View full dependency_audit documentation → See all Client integrations