How to Connect Cursor to GitHub and Codacy MCP Servers and Supercharge Your Application Security

In this article:
Subscribe to our blog:

AI tools are changing the game for developers. Whether you're using them to autocomplete code, generate new code, debug issues, or even streamline your CI/CD pipeline, AI-powered tools can save you time and speed up the development process. Once you start using them, it’s hard to go back.

MCP servers are the latest innovation in the AI-assisted development landscape. MCP acts as a bridge between an AI model and various data sources, enabling real-time query and retrieval of information. This game-changing technology aims to transform how software developers interact with their codebase.  

This is a step-by-step guide on connecting AI code editors like Cursor and Windsurf with any MCP server. We will demonstrate this by integrating the MCP servers for GitHub and Codacy (Codacy Guardrails). 

What is Model Context Protocol (MCP)?

MCP is an open-source protocol that provides a way for AI assistants to safely and securely connect to external tools and data sources. It’s like a bi-directional communication bridge that not only allows AI tools to get the needed context but also gives AI the ability to take action.

Take your company’s Notion workspace, GitHub account, or application security tool, for example. By installing the relevant MCP server in your AI assistant (like Cursor, Windsurf, etc.), you can get it to pull relevant data or trigger actions in those tools, like searching documents in Notion, creating a new commit in GitHub, or finding critical security issues in your codebase. 

MCP helps you build agents and complex workflows on top of LLMs, all while you chat naturally with it. This is a game-changer for productivity, as tasks that used to require switching between 6 different apps can now happen in a single conversation with your agent. 

How to Connect Cursor to GitHub (and Over 100 Other MCP Servers)

GitHub is by far the most popular Git hosting site for open-source software and proprietary projects. This guide focuses on GitHub because it’s the platform developers use the most. However, note that the process for connecting Cursor to any other MCP server is similar. 

Here’s a step-by-step guide on how to connect Cursor to GitHub’s API via its MCP server.

Step 1: Prerequisites

To follow this tutorial, you’ll need to have the following programs installed on your local machine:

Step 2: Edit the mcp.json file

Go to your Cursor settings page, click “Add new global MCP server,” and click the pencil icon to edit the mcp.json file.

Add this block of code:

 

"github" {
  "command": "docker",
  "args": [
    "run",
    "-i",
    "--rm",
    "-e",
    "GITHUB_PERSONAL_ACCESS_TOKEN"
  ],
  "env": {
    "GITHUB_PERSONAL_ACCESS_TOKEN": "your-github-access-token"
  }
}

As you can see, you’ll need to generate a personal access token in GitHub, which you’ll need to access GitHub’s API from your AI agent. Sign in to your GitHub account, click on your profile picture (in the top right corner), and navigate to Settings > Developer Settings.

Toggle “Personal access token”, select the “Fine-grained token” option, and then click Generate new token. On the following page, fill out the following details:

  • Token name: github mcp cursor
  • Expiration: 7 days
  • Repository access: Public repositories (read-only)

For this demonstration, we’ll be reading data from GitHub, but we’ll not modify anything (e.g., create new repos, modify files, add new files, etc.). If you want to make modifications, select “All repositories” or “Only select repositories” under “Repository access” and tweak the Repository permissions to suit your needs. 

Once you’re done, click Generate token.

Copy the token from GitHub, return to the mcp.json file, and paste it. Now your GitHub MCP server should be labeled.

codacy guardrails mcp server and github

Now your AI agent can create a branch, a new issue, or even a new file in your repository.  

Step 3: Using the Server Directly Within the Chat Agent

Now you can interact with GitHub directly from Cursor via chats. 

Click the Cmd + L command (for Mac) or Ctrl + L (for Windows/Linux) to toggle the chat window. You can ask the agent anything related to the connected GitHub account and have your response instantly. 

While this is a minimal example, it offers a glimpse of how much this tool can enhance developer productivity. Tasks that previously required switching between different apps and contexts can now be performed in one place, with a few prompts.

Remember also that GitHub is just one example. You can integrate your AI-based code editors with 100s of other platforms and tools via MCP servers. There are MCP tools for browser automation, image generation and manipulation, git workflow management, weather and location data, memory management, debugging, etc.  

Supercharge Your Application Security With Codacy’s MCP Server (Codacy Guardrails)

Codacy isn’t just a comprehensive application security platform. We also aim to enhance developer productivity and make the AppSec process seamless. 

Codacy Guardrails blends reliable security into AI-based code editors (including Cursor and Windsurf), making it a crucial tool for fast-moving teams to maintain security and code quality in AI-assisted development.

Codacy Guardrails comes with its own MCP server that grants our customers full access to all the security and quality information of their repos and organizations. The MCP server turns any LLM into a powerhouse for code intelligence, enabling it to understand and act on quality and security standards, automatically resolve issues, boost test coverage, prioritize work with precision, generate insightful reports, and break down code data in whatever way you need.

How to install Codacy’s MCP server in Cursor and Windsurf: 

  1. Search for Codacy in the extension browser and install it

  2. Sign in to Codacy (or sign up for a free account) to authorize Cursor 

  3. Press the “Install MCP Server” button in the extension

This will enable the MCP server.

codacy guardrails mcp server

With that, you’ve successfully linked Cursor to your Codacy account, meaning you can now ask it for information or even execute actions right from Cursor. Let’s demonstrate by asking it to “Find and fix the critical and medium severity issues in this repo (samplecodacy)”. Here’s the response we got:

codacy guardrails and cursor

As you can see, it not only identified security and quality issues in the repository, but also recommended several improvements—and even made it easy to apply them with a single click of the “Accept” button. It’s also worth mentioning that Codacy now performs local scanning as the AI generates code. 

Codacy Guardrails is a fundamental part of your workflow to make sure software is secure and reliable. By chatting naturally with your AI agent, you can ask Codacy anything regarding your code’s health and even get it to implement improvements automatically. Imagine the wonders that it will do to your productivity.

Check out Codacy Guardrails in action and the installation/set-up guide for detailed instructions on integrating Guardrails in VSCode Copilot Agent, Claude Code, and others.  

Try Codacy Guardrails today. 






RELATED
BLOG POSTS

Codacy Guardrails: Free Real Time Enforcement of Security and Quality Standards
Last week, we unveiled Codacy Guardrails and its first small “hello world” moment: an MCP server that can connect with Codacy security and quality data...
Introducing Codacy Guardrails
AI has intertwined itself with software development. In every phase, developers are being enhanced and assisted in producing software faster.
How to use an external NFS Server with Codacy
Part of my job as a Solutions Engineer at Codacy is to help customers performing on-prem installations.

Automate code
reviews on your commits and pull request

Group 13