README.md
Lines changed: 3 additions & 1 deletion
@@ -118,7 +118,7 @@ ContextForge MCP Gateway is a feature-rich gateway, proxy and MCP Registry that
118
118
119
119
## 🚀 Overview & Goals
120
120
121
-
**ContextForge MCP Gateway** is a production-grade gateway, registry, and proxy that sits in front of any [Model Context Protocol](https://modelcontextprotocol.io) (MCP) server or REST API-exposing a unified endpoint for all your AI clients.
121
+
**ContextForge MCP Gateway** is a gateway, registry, and proxy that sits in front of any [Model Context Protocol](https://modelcontextprotocol.io) (MCP) server or REST API-exposing a unified endpoint for all your AI clients.
122
122
123
123
It supports:
124
124
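Review bot: the rewritten sentence at line 121 still reads "REST API-exposing a unified endpoint", where the hyphen fuses "API" and "exposing" into what looks like a compound adjective; suggest "REST API, exposing a unified endpoint for all your AI clients". Dropping "production-grade" is consistent with the "Important" notice added further down in this file, so that part of the change is fine.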
@@ -133,6 +133,8 @@ It supports:
133
133
134
134
For a list of upcoming features, check out the [ContextForge MCP Gateway Roadmap](https://ibm.github.io/mcp-context-forge/architecture/roadmap/)
135
135
136
+
**⚠️ Important**: MCP Gateway is not a standalone product - it is an open source component with **NO OFFICIAL SUPPORT** from IBM or its affiliates that can be integrated into your own solution architecture. If you choose to use it, you are responsible for evaluating its fit, securing the deployment, and managing its lifecycle. See [SECURITY.md](./SECURITY.md) for more details.
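Review bot: in the added notice at line 136, the relative clause "that can be integrated into your own solution architecture" attaches to "IBM or its affiliates" rather than to "component"; suggest splitting it: "it is an open source component that can be integrated into your own solution architecture, and it comes with NO OFFICIAL SUPPORT from IBM or its affiliates." Since the same notice is also being added to SECURITY.md in this diff, consider keeping the README copy to a one-sentence pointer at SECURITY.md so the two texts do not drift apart.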
SECURITY.md
Lines changed: 49 additions & 26 deletions
@@ -2,7 +2,9 @@
2
2
3
3
**⚠️ Important**: MCP Gateway is an **OPEN SOURCE PROJECT** provided "as-is" with **NO OFFICIAL SUPPORT** from IBM or its affiliates. Community contributions and best-effort maintenance are provided by project maintainers and contributors.
4
4
5
-
## ⚠️ Beta Software Notice
5
+
**⚠️ Important**: MCP Gateway is not a standalone product - it is an open source component that can be integrated into your own solution architecture. If you choose to use it, you are responsible for evaluating its fit, securing the deployment, and managing its lifecycle.
6
+
7
+
## ⚠️ Early Beta Software Notice
6
8
7
9
**Current Version: 0.3.1 (Beta)**
8
10
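Review bot: the added paragraph at line 5 opens with "⚠️ Important" directly under the existing "⚠️ Important" paragraph at line 3, and both say the project is open source with no official support; merging them into one notice (open source, as-is, not a standalone product, the deployer owns fit, security and lifecycle) would read better than two consecutive warnings. The heading rename to "Early Beta Software Notice" is fine.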
@@ -17,10 +19,44 @@ MCP Gateway is currently in early beta and should be treated as such until the 1
17
19
-**Single-user administration** without access controls
18
20
19
21
For production deployments:
22
+
-**Disable features not used by your application**: use feature flags to disable unused features (ex: roots, resources, prompts) as per [537](https://github.com/IBM/mcp-context-forge/issues/537)
20
23
-**Disable the Admin UI and APIs completely** (`MCPGATEWAY_UI_ENABLED=false` and `MCPGATEWAY_ADMIN_API_ENABLED=true` in `.env`)
21
24
-**Use only the REST API** with proper authentication
22
25
-**Build your own production-grade UI** with appropriate security controls
23
26
27
+
### 🚀 Deployment Recommendations
28
+
29
+
30
+
***Disable unused features** using environment variables and feature flags (`MCPGATEWAY_ENABLE_PROMPTS=false`, etc.) as per [537](https://github.com/IBM/mcp-context-forge/issues/537)
31
+
***Use the REST API only**, with strict input validation and authentication
32
+
***Disable Admin UI and Admin API** in production (`MCPGATEWAY_UI_ENABLED=false`, `MCPGATEWAY_ADMIN_API_ENABLED=false`)
33
+
***Run containers as non-root users**, with read-only filesystems and minimal base images
34
+
***Harden network access** with firewalls, ingress policies, and internal-only endpoints
35
+
***Set resource limits** (CPU, memory) to protect against denial-of-service risks
36
+
***Always deploy the latest version** – there are **no backported security patches or long-term support branches**
37
+
***Perform a security audit of the codebase yourself**, especially if deploying in regulated, multi-tenant, or production environments
38
+
***Integrate as part of a comprehensive solution**:
39
+
MCP Gateway is **not a standalone product**. It is designed to be one layer in a larger, secure system architecture. You should integrate it with complementary components such as:
40
+
41
+
* API gateways or reverse proxies (for auth, rate-limiting, and routing)
42
+
* Secrets and configuration management systems (e.g., Vault, SOPS)
43
+
* Identity and access management (IAM) platforms
44
+
* Logging, monitoring, and alerting tools
45
+
* Runtime security, anomaly detection, and SIEM platforms
46
+
* Additional UI or orchestration layers that provide tenant or team-level access controls
47
+
48
+
Always consider your full deployment context and threat model when using MCP Gateway as part of a broader system.
49
+
50
+
#### 🔐 Environment Variable Security
51
+
52
+
***Avoid storing secrets in environment variables** unless managed via a secure secrets manager
53
+
***Never log environment variables or sensitive configs**
54
+
***Restrict container permissions** so only the application process can read environment variables
55
+
***Use `.env` files cautiously**, and avoid committing them to version control
56
+
***Limit runtime shell access** to containers to prevent environment leaks
57
+
58
+
---
59
+
24
60
### Multi-Tenancy Considerations
25
61
26
62
**MCP Gateway is not yet multi-tenant ready**. If you're building a platform that serves multiple users or teams, you must implement the following in your own application layer:
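Review bot: the feature-flag names in this hunk (`MCPGATEWAY_ENABLE_PROMPTS=false` at line 30) do not match the names used for the same flags in the production checklist later in this file (`FEATURES_PROMPTS_ENABLED=false`, `FEATURES_ROOTS_ENABLED=false`, `FEATURES_RESOURCES_ENABLED=false`); a reader who copies the wrong name will believe the feature is off when it is not, so please verify against the settings code and use one name everywhere. Separately, the removed line had `MCPGATEWAY_ADMIN_API_ENABLED=true` under an item telling users to disable the Admin API; the replacement at line 32 correctly says `=false`, and that correction deserves a mention in the commit message because it fixes previously published advice.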
@@ -208,8 +244,9 @@ Applications consuming data from MCP Gateway should:
208
244
209
245
When deploying MCP Gateway in production:
210
246
247
+
-[ ] Disable features you are not using in production (`FEATURES_ROOTS_ENABLED=false`, `FEATURES_PROMPTS_ENABLED=false`, `FEATURES_RESOURCES_ENABLED=false`)
211
248
-[ ] Disable Admin UI and API in production (`MCPGATEWAY_UI_ENABLED=false` and `MCPGATEWAY_ADMIN_API_ENABLED=false`)
212
-
-[ ] Enable authentication for all endpoints
249
+
-[ ] Enable authentication for all endpoints using strong passwords / keys and a custom username.
213
250
-[ ] Configure TLS/HTTPS with valid certificates (never run HTTP in production)
214
251
-[ ] Validate and vet all connected MCP servers
215
252
-[ ] Implement network-level access controls and firewall rules
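Review bot: the revised checklist item at line 249, "using strong passwords / keys and a custom username", is not verifiable as written because it does not say which settings control the credentials; the neighbouring items name their variables (`MCPGATEWAY_UI_ENABLED`, `MCPGATEWAY_ADMIN_API_ENABLED`), and this one should too. Line 247 is also where the `FEATURES_*` flag names need to be reconciled with the `MCPGATEWAY_ENABLE_*` names used in the Deployment Recommendations section of this same diff.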
@@ -433,10 +470,11 @@ flowchart TD
433
470
* The Admin UI and Admin API are intended solely as development conveniences and **must be disabled in production**
434
471
* Bug fixes and security patches are provided on a **best-effort basis**, without SLAs
435
472
* Security hardening efforts prioritize the **REST API**; the Admin UI remains **unsupported**
473
+
* Currently, roots, resources and prompts are considered alpha, and require additional security hardening and resource limits. They should be disabled through feature flags as per [537](https://github.com/IBM/mcp-context-forge/issues/537)
436
474
437
475
### Security Update Process
438
476
439
-
All Container Images and Python dependencies are updated with every release (major or minor) or on CRITICAL/HIGH security vulnerabilities (triggering a minor release), subject to maintainer availability.
477
+
All Container Images and Python dependencies are updated with every release (major or minor) or on CRITICAL/HIGH security vulnerabilities (triggering a minor release), subject to maintainer availability. However, since MCP Gateway is provided as-is, you are strongly encouraged to perform your own vulnerability scanning and apply security patches to your deployments, especially if you are customizing or extending base images or dependencies. Relying solely on upstream updates may not be sufficient for your production security posture.
440
478
441
479
### Community Support
442
480
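Review bot: the new bullet at line 473 tells readers to disable roots, resources and prompts "through feature flags" but does not name them, while the rest of the file names those flags in two different forms; naming them here, once the naming is reconciled, would make the advice actionable. The expanded paragraph at line 477 packs the release policy and the "do your own vulnerability scanning" advice into one sentence; putting the advice in its own sentence or bullet would make it easier to find, since it is the part readers are expected to act on.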
@@ -447,42 +485,27 @@ All Container Images and Python dependencies are updated with every release (maj
447
485
448
486
### 🚨 Security Patching Policy
449
487
450
-
Our security patching strategy prioritizes rapid response to vulnerabilities while maintaining system stability:
451
-
452
-
**Critical and High-Severity Vulnerabilities**: Patches are released within 24 hours of discovery or vendor disclosure. These patches trigger immediate minor version releases and are deployed to all supported environments.
453
-
454
-
**Medium-Severity Vulnerabilities**: Patches are released within 5-7 days unless the vulnerability affects core security functions, in which case expedited patching procedures are triggered within 48 hours.
488
+
> **⚠️ Disclaimer**: All patching and response timelines below are provided on a **best-effort basis** with **no service-level agreements (SLAs), guarantees, or commercial support**. MCP Gateway is an open-source project maintained by the community without official backing from IBM or its affiliates.
455
489
456
-
**Low-Severity Vulnerabilities**: Patches are included in regular maintenance releases and dependency updates, typically within 2 weeks.
490
+
Our security patching strategy prioritizes meaningful updates while maintaining overall system stability:
457
491
458
-
**Zero-Day Vulnerabilities**: Emergency patching procedures are activated immediately upon discovery, with hotfixes deployed within 12 hours where possible.
492
+
***Critical and High-Severity Vulnerabilities**: Best-effort patches are typically released within **1 week** of discovery or disclosure. These updates usually result in a **minor version bump** (e.g., `0.3.1`).
459
493
460
-
### 🤖 Automated Patch Management
494
+
***Medium-Severity Vulnerabilities**: Addressed in the **next scheduled release**, usually within **2 weeks** of identification.
461
495
462
-
Our automated systems continuously monitor for:
463
-
- Security advisories from Python Package Index (PyPI)
464
-
- Container base image security updates
465
-
- GitHub Security Advisories
466
-
- CVE database updates
467
-
- Dependency vulnerability disclosures
496
+
***Low-Severity Vulnerabilities**: Included in **regular maintenance updates**, typically resolved across **1–2 upcoming releases** (~**2–4 weeks**), depending on impact and availability.
468
497
469
-
When vulnerabilities are detected, our CI/CD pipeline automatically:
470
-
1. Assesses the impact and severity
471
-
2. Generates updated dependency lockfiles
472
-
3. Triggers security testing and validation
473
-
4. Initiates the release process for critical/high-severity issues
474
-
5. Notifies maintainers and security team
498
+
There are **no formal zero-day patch guarantees**; users are expected to evaluate risks and apply any necessary mitigations on their own infrastructure.
475
499
476
500
### ✅ Patch Verification Process
477
501
478
-
All security patches undergo rigorous verification within compressed timelines:
502
+
All security patches undergo best-effort verification:
479
503
- Automated security scanning to verify vulnerability remediation
480
504
- Regression testing to ensure no functionality is broken
481
505
- Container security scanning for image-based updates
482
506
- Integration testing with dependent services
483
-
- Performance impact assessment
484
507
485
-
This process ensures that security patches not only address vulnerabilities but maintain the reliability and performance characteristics of the MCP Gateway service, even under accelerated release schedules.
508
+
This process ensures that security patches not only address vulnerabilities but maintain the reliability and performance characteristics of the MCP Gateway service.
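Review bot: line 492 calls `0.3.1` an example of a "minor version bump", but under semantic versioning 0.3.0 to 0.3.1 is a patch bump; either say "patch version bump" or use an example such as `0.4.0`. This matters because the "Security Update Process" section in this same file says CRITICAL/HIGH fixes trigger "a minor release", and the two passages should describe the same thing. Also, "Performance impact assessment" is removed from the verification list, yet the closing sentence at line 508 still promises that patches "maintain the reliability and performance characteristics" of the service; either keep the assessment step or drop "performance" from that sentence. Removing the "Automated Patch Management" section is consistent with the best-effort disclaimer added above it.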