Jenkins MCP Server
MCP server for Jenkins CI/CD integration supporting job management, build operations, node monitoring, and queue management.
Score Breakdown
Server Info
- Package
- mcp-server-jenkins
- Registry
- npm
- Repository
- landygg/mcp-server-jenkins
- Maintainer
- Community
- Category
- Developer Tools
- Tags
- ci-cdbuildsautomation
- Last Scanned
- 7 Apr 2026
Findings
7 issuesAuthentication & Identity
HIGHNo per-request auth - requires instance-per-user
Stdio-only transport. Jenkins URL is required. Username and password/API token are optional but needed for authenticated Jenkins instances. Supports crumb-based CSRF protection. URL sanitization strips embedded credentials. SSL verification can be disabled via env var. For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
Tool Schema Quality
MEDIUMOnly 0 of 15 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
CRITICALDangerous execution surface: query_items accepts regex patterns (classPattern, fullNamePattern, colorPattern) that could be used for ReDoS
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
Data Exposure
MEDIUM4 list operations lack pagination
get_all_items, get_all_nodes, get_all_queue_items, and get_running_builds return full result sets without pagination. Console output (get_build_console_output) returns the full log without truncation controls. No field selection supported.
Add limit/offset or cursor-based pagination.
LOWNo field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
LOWCommunity-maintained by landygg
No official vendor backing.
Seek vendor verification.
MEDIUM7 dependency vulnerabilities (5 high)
npm audit found 5 high severity CVEs.
Update vulnerable dependencies.
Tools
15 total| Name | Description | Risk |
|---|---|---|
| get_all_items | Get all items (jobs and folders) from Jenkins server | read |
| get_item | Get details of a specific Jenkins item by its full name | read |
| get_item_config | Get the XML configuration of a specific Jenkins item | read |
| query_items | Query Jenkins items with pattern filters | read |
| build_item | Trigger a build for a Jenkins item | write |
| get_all_nodes | Get all Jenkins nodes (agents) | read |
| get_node | Get details of a specific Jenkins node | read |
| get_node_config | Get the XML configuration of a specific Jenkins node | read |
| get_all_queue_items | Get all items in the Jenkins build queue | read |
| get_queue_item | Get details of a specific queue item | read |
| cancel_queue_item | Cancel a specific item in the build queue | write |
| get_build | Get details of a specific build | read |
| get_build_console_output | Get the console output (logs) of a specific build | read |
| get_running_builds | Get all currently running builds in Jenkins | read |
| stop_build | Stop a running build | write |
Deploy Jenkins MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow