Dependency security in your IDE. One MCP connection.
Add Attestd to Claude Code, Cursor, or Windsurf. When you ask about a package, your assistant calls Attestd and returns a direct answer. Not a CVSS score to reason about. A risk state to act on.
Free tier available. Solo at $19.99 per month. Sonatype Guide Pro is $1,200/year. Same assistants. Different output.
You: Is litellm 1.82.7 safe to install?
Assistant: Checking Attestd...
check_package_vulnerability("litellm", "1.82.7")
→ supplyChainCompromised: true
Do not install litellm 1.82.7. Attestd has detected a confirmed supply chain
compromise on this version. No safe version is currently flagged as patched.
Remove it from your dependencies entirely.
Ask. Check. Answer. No interpretation layer.
Connect MCP
Add Attestd to your IDE config. Hosted server or local npx. Under five minutes.
Ask about a package
Your assistant calls check_package_vulnerability when you mention a dependency or version.
Get a direct answer
risk_state, actively_exploited, supply_chain.compromised. No CVSS interpretation step.
Cleaner answers from your coding assistant
CVSS-backed tools return advisory data your assistant must weigh and summarize. Attestd returns categorical fields your assistant reads and states directly. Same data call, consistent answer every time.
{
  "cvssScore": 7.4,
  "severity": "HIGH",
  "recommendation": "Consider upgrading when convenient..."
}
Requires interpretation before your assistant can answer “is this safe?”
{
  "risk_state": "critical",
  "actively_exploited": true,
  "patch_available": true,
  "fixed_version": "2.17.1",
  "supply_chain": {
    "compromised": false
  }
}
Branch on risk_state. Supply chain compromise in the same call.
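One way a CI gate could branch on the fields shown above, failing closed on anything it does not recognise (an added example, not Attestd's own code). The allow-listed risk_state values and the function names are assumptions; the page shows only "critical".

```python
import json

# Assumption: the page only shows risk_state "critical"; the allow-list values
# below are hypothetical policy choices, not Attestd's documented enum.
ALLOWED_RISK_STATES = {"none", "low"}


def fix_hint(resp):
    """Upgrade advice, only when the response names a fixed version."""
    if resp.get("patch_available") is True and isinstance(resp.get("fixed_version"), str):
        return "upgrade to " + resp["fixed_version"]
    return "no fixed version reported"


def gate(raw):
    """Return (allow, reason) for one response body; anything unexpected blocks."""
    try:
        resp = json.loads(raw)
    except (TypeError, ValueError):
        return False, "unparseable response"
    if not isinstance(resp, dict):
        return False, "unexpected response shape"
    supply_chain = resp.get("supply_chain")
    compromised = supply_chain.get("compromised") if isinstance(supply_chain, dict) else None
    exploited = resp.get("actively_exploited")
    # Strict type checks: a string such as "false" is truthy in Python and
    # must not be read as a clean result.
    if not isinstance(compromised, bool) or not isinstance(exploited, bool):
        return False, "missing or non-boolean verdict field"
    if compromised:
        # A compromised release is removed, not upgraded past.
        return False, "supply chain compromise: remove the dependency"
    if exploited:
        return False, "actively exploited: " + fix_hint(resp)
    state = resp.get("risk_state")
    if not isinstance(state, str) or state not in ALLOWED_RISK_STATES:
        return False, "risk_state %r not allowed: %s" % (state, fix_hint(resp))
    return True, "risk_state " + state


# Response body copied from the page, then three constructed variants.
PAGE_SAMPLE = ('{"risk_state": "critical", "actively_exploited": true, "patch_available": true,'
               ' "fixed_version": "2.17.1", "supply_chain": {"compromised": false}}')
COMPROMISED = '{"risk_state": "critical", "actively_exploited": false, "supply_chain": {"compromised": true}}'
STRINGLY = '{"risk_state": "low", "actively_exploited": "false", "supply_chain": {"compromised": false}}'
CLEAN = '{"risk_state": "low", "actively_exploited": false, "supply_chain": {"compromised": false}}'
```
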
Attestd for Cursor, Claude Code, and Windsurf
Copy the config block for your client. Paste your API key. Restart. Full setup guides linked on each card.
Attestd for Cursor
Works with Cursor via MCP. Paste config, restart, ask about any dependency.
.cursor/mcp.json
{
  "mcpServers": {
    "attestd": {
      "url": "https://mcp.attestd.io/mcp",
      "headers": {
        "Authorization": "Bearer your-api-key-here"
      }
    }
  }
}
Attestd for Claude Code
Hosted at mcp.attestd.io. No Node.js install. Claude Code calls the tool in normal flow.
~/.claude/mcp.json
{
  "mcpServers": {
    "attestd": {
      "url": "https://mcp.attestd.io/mcp",
      "headers": {
        "Authorization": "Bearer your-api-key-here"
      }
    }
  }
}
Attestd for Windsurf
Global config only. Remote servers use serverUrl instead of url.
~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "attestd": {
      "serverUrl": "https://mcp.attestd.io/mcp",
      "headers": {
        "Authorization": "Bearer your-api-key-here"
      }
    }
  }
}
Zero migration cost when you reach autonomy
Every developer who connects Attestd in their IDE runs the same API that production pipelines and autonomous agents use. When your workflow reaches a point where no human is in the loop (a CI gate, a deployment agent, an automated dependency update system), Attestd is already integrated. No migration, no new contract, no data format change.
Flat rate. No credit metering.
Sonatype Guide Pro is $100/month billed annually ($1,200/year), credit-metered. Attestd Solo is a flat $19.99 per month for 250,000 calls.
No credit consumption. No overage billing on Solo.
Get started
Ready to connect your IDE?
Free API key in under a minute. Setup docs walk through each client step by step.