Overview
Cursor IDE supports the Model Context Protocol (MCP) through its Composer Agent, enabling real-time security scanning and threat detection during development. This integration allows developers to automatically analyze code for security vulnerabilities as they write.
Prerequisites
- Cursor IDE installed
- Prisma AIRS MCP server running and accessible
- Valid Prisma AIRS API credentials
Quick Start
- Create
.cursor/mcp.jsonin your project root - Add the Prisma AIRS server configuration
- Open Cursor and the security tools will be available in Composer
Configuration Methods
Option 1: Project Configuration (Recommended for Teams)
Create a .cursor/mcp.json file in your project to configure the Prisma AIRS MCP server for your team.
- Create a
.cursor/mcp.jsonfile in your project root - Add the following configuration:
{
"mcpServers": {
"prisma-airs": {
"url": "YOUR_PRISMA_AIRS_URL"
}
}
}
Replace YOUR_PRISMA_AIRS_URL with your server endpoint:
| Environment | URL Example |
|---|---|
| Local Development | http://localhost:3000 |
| Docker (default) | http://localhost:3000 |
| Docker (custom port) | http://localhost:3100 |
| Production | https://airs.example.com |
| SaaS Deployment | https://airs.cdot.io/prisma-airs |
Option 2: Global Configuration (For Individual Use)
To configure the Prisma AIRS MCP server for all your projects:
- Create
~/.cursor/mcp.jsonin your home directory - Add the same configuration as above
Configuration Examples
Development Environment
{
"mcpServers": {
"prisma-airs-dev": {
"url": "http://localhost:3000"
}
}
}
Production Environment with Headers
{
"mcpServers": {
"prisma-airs": {
"url": "https://airs.example.com/mcp",
"headers": {
"API_KEY": "your-api-key-here"
}
}
}
}
Multiple Environments
{
"mcpServers": {
"prisma-airs-dev": {
"url": "http://localhost:3000"
},
"prisma-airs-staging": {
"url": "https://staging.airs.example.com"
},
"prisma-airs-prod": {
"url": "https://airs.example.com"
}
}
}
Using Security Tools
Available Tools
Once connected, these Prisma AIRS security tools become available in Cursor:
| Tool Name | Description |
|---|---|
airs_scan_content |
Real-time security scanning |
airs_scan_async |
Batch content scanning |
airs_get_scan_results |
Retrieve scan results |
airs_get_threat_reports |
Detailed threat analysis |
airs_clear_cache |
Clear server cache |
Accessing Tools in Cursor
The Composer Agent automatically uses MCP tools when relevant. You can:
- Ask for a specific tool by name
- Describe what security check you need
- Enable or disable tools from settings
Tool Toggling
Enable or disable MCP tools directly from the chat interface:
- Click a tool name in the Available Tools list to toggle it
- Disabled tools won’t be loaded into context
- Tools remain available but unused when disabled
Tool Approval
By default, Composer asks for approval before using MCP tools:
- Click the arrow next to the tool name to see arguments
- Review the tool parameters
- Approve or deny the tool usage
Auto-run Mode
Enable auto-run (Yolo mode) for Composer to use MCP tools without asking:
- Works like terminal commands
- Speeds up workflow for trusted tools
- Configure in Cursor settings
Example Workflows
Security Code Review
@composer Please review this function for security vulnerabilities using Prisma AIRS
API Endpoint Security
Scan this API endpoint for injection attacks and data exposure risks
Sensitive Data Detection
Check if this code properly handles PII and sensitive data according to compliance policies
Batch Security Scan
Run a security scan on all files in the /api directory for potential vulnerabilities
Working with Images
MCP servers can return images (screenshots, diagrams, security reports). Cursor automatically:
- Attaches returned images to the chat
- Analyzes them if the model supports images
- Displays base64-encoded images inline
Security Considerations
When installing MCP servers:
- Verify the source: Only use trusted MCP servers
- Review permissions: Check what data the server accesses
- Limit API keys: Use restricted keys with minimal permissions
- Audit code: Review server source code for critical integrations
- Use HTTPS: Always use encrypted connections for production
Troubleshooting
Common Issues
Server Not Connecting
Symptoms: Tools not appearing in Available Tools list
Solutions:
-
Verify server is running:
curl http://localhost:3000/health -
Check configuration file:
cat .cursor/mcp.json | jq . -
Verify URL is accessible from Cursor
Authentication Errors
Symptoms: 401/403 errors when using tools
Solutions:
- Check API key configuration
- Verify credentials are valid
- Ensure proper headers are set in config
Tool Execution Failures
Symptoms: Tools fail to execute or return errors
Solutions:
- Check server logs for detailed errors
- Verify input parameters are correct
- Ensure rate limits aren’t exceeded
Best Practices
- Environment Separation
- Use descriptive server names
- Separate dev/staging/prod configurations
- Document URLs in project README
- Team Collaboration
- Use project-level
.cursor/mcp.json - Commit configuration to version control
- Share security scanning workflows
- Use project-level
- Security
- Never commit API keys to repositories
- Use environment variables for sensitive data
- Rotate credentials regularly
- Performance
- Enable only needed tools
- Monitor rate limits
- Use async scanning for large batches
Integration Examples
Pre-commit Hook
#!/bin/bash
# .git/hooks/pre-commit
echo "Running Prisma AIRS security scan..."
# Add your scanning logic here
CI/CD Pipeline
# GitHub Actions example
- name: Security Scan
run: |
echo "Scan code with Prisma AIRS"
# Add scanning commands
Next Steps
- Explore available security features
- Review threat detection capabilities
- Set up OAuth authentication