for developers

Dependency security in your IDE. One MCP connection.

Add Attestd to Claude Code, Cursor, or Windsurf. When you ask about a package, your assistant calls Attestd and returns a direct answer. Not a CVSS score to reason about. A risk state to act on.

Free tier available. Solo at $19.99 per month. Sonatype Guide Pro is $1,200/year. Same assistants. Different output.

your coding assistant
You: Is litellm 1.82.7 safe to install?

Assistant: Checking Attestd...
  check_package_vulnerability("litellm", "1.82.7")
  → supplyChainCompromised: true

Do not install litellm 1.82.7. Attestd has detected a confirmed supply chain
compromise on this version. No safe version is currently flagged as patched.
Remove it from your dependencies entirely.

how it works

Ask. Check. Answer. No interpretation layer.

01 Connect MCP

Add Attestd to your IDE config. Hosted server or local npx. Under five minutes.

02 Ask about a package

Your assistant calls check_package_vulnerability when you mention a dependency or version.

03 Get a direct answer

risk_state, actively_exploited, supply_chain.compromised. No CVSS interpretation step.

You ask about a package → check_package_vulnerability → risk_state answer

why deterministic output

Cleaner answers from your coding assistant

CVSS-backed tools return advisory data your assistant must weigh and summarize. Attestd returns categorical fields your assistant reads and states directly. Same data call, consistent answer every time.

CVSS advisory
{
  "cvssScore": 7.4,
  "severity": "HIGH",
  "recommendation": "Consider upgrading when convenient..."
}

Requires interpretation before your assistant can answer “is this safe?”

Attestd: machine-readable
{
  "risk_state": "critical",
  "actively_exploited": true,
  "patch_available": true,
  "fixed_version": "2.17.1",
  "supply_chain": {
    "compromised": false
  }
}

Branch on risk_state. Supply chain compromise in the same call.

works with your IDE

Attestd for Cursor, Claude Code, and Windsurf

Copy the config block for your client. Paste your API key. Restart. Full setup guides linked on each card.

Attestd for Cursor

Works with Cursor via MCP. Paste config, restart, ask about any dependency.

config path: .cursor/mcp.json
{
  "mcpServers": {
    "attestd": {
      "url": "https://mcp.attestd.io/mcp",
      "headers": {
        "Authorization": "Bearer your-api-key-here"
      }
    }
  }
}

Attestd for Claude Code

Hosted at mcp.attestd.io. No Node.js install. Claude Code calls the tool in normal flow.

config path: ~/.claude/mcp.json
{
  "mcpServers": {
    "attestd": {
      "url": "https://mcp.attestd.io/mcp",
      "headers": {
        "Authorization": "Bearer your-api-key-here"
      }
    }
  }
}

Attestd for Windsurf

Global config only. Remote servers use serverUrl instead of url.

config path: ~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "attestd": {
      "serverUrl": "https://mcp.attestd.io/mcp",
      "headers": {
        "Authorization": "Bearer your-api-key-here"
      }
    }
  }
}

same API, two consumers

Zero migration cost when you reach autonomy

Every developer who connects Attestd in their IDE runs the same API that production pipelines and autonomous agents use. When your workflow reaches a point where no human is in the loop (a CI gate, a deployment agent, an automated dependency update system), Attestd is already integrated. No migration, no new contract, no data format change.
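A sketch of what "branch on risk_state" can look like in a CI gate with no human in the loop. This is an added example, not Attestd's own code. It assumes the response shape shown in the JSON sample above; the page lists only "critical" as a risk_state value, so the allow-list entry "none" and the function name gate are placeholders.

```python
import json

# Assumption: accepted states are an operator choice; "none" is a placeholder,
# since the page shows only "critical" as a risk_state value.
ALLOWED_RISK_STATES = frozenset({"none"})

# The response sample from the page, embedded so the example runs offline.
PAGE_SAMPLE = """{"risk_state": "critical", "actively_exploited": true,
 "patch_available": true, "fixed_version": "2.17.1",
 "supply_chain": {"compromised": false}}"""


def gate(raw_response, allowed=ALLOWED_RISK_STATES):
    """Return (ok, reasons). Fails closed on malformed or unknown input."""
    try:
        doc = json.loads(raw_response)
    except (TypeError, ValueError):
        return False, ["response is not valid JSON"]
    if not isinstance(doc, dict):
        return False, ["response is not a JSON object"]

    reasons = []
    supply_chain = doc.get("supply_chain")
    compromised = (supply_chain.get("compromised")
                   if isinstance(supply_chain, dict) else None)
    # Require real booleans: a missing field or the string "false" must block.
    if compromised is not False:
        reasons.append("supply_chain.compromised is not explicitly false")
    if doc.get("actively_exploited") is not False:
        reasons.append("actively_exploited is not explicitly false")
    state = doc.get("risk_state")
    if not isinstance(state, str) or state not in allowed:
        reasons.append(f"risk_state {state!r} is not in the allow-list")

    ok = not reasons
    # When blocking, surface the fixed version so the failure is actionable.
    fixed = doc.get("fixed_version")
    if not ok and doc.get("patch_available") is True and isinstance(fixed, str):
        reasons.append(f"fixed_version reported: {fixed}")
    return ok, reasons


if __name__ == "__main__":
    ok, reasons = gate(PAGE_SAMPLE)
    print("PASS" if ok else "BLOCK", reasons)
    raise SystemExit(0 if ok else 1)
```

The gate passes only on explicit, well-typed "safe" values, so a truncated response, a renamed field, or a new risk_state value stops the build instead of passing silently.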

pricing

Flat rate. No credit metering.

Sonatype Guide Pro is $100/month billed annually ($1,200/year), credit-metered. Attestd Solo is a flat $19.99 per month for 250,000 calls.

Free
$0 forever
5,000 calls / month

Full response schema. Permanent evaluation tier.

Solo
$19.99 / month
250,000 calls / month

No credit consumption. No overage billing on Solo.


Ready to connect your IDE?

Free API key in under a minute. Setup docs walk through each client step by step.