Contribute to SAFE-MCP
Join our community in building practical security defenses for Model Context Protocol. As an open-source project under the OpenID Foundation and The Linux Foundation, every contribution matters.
How to Contribute
Fork the Repository
Create your own fork of the SAFE-MCP repository to work on changes independently.
gh repo fork SAFE-MCP/safe-mcp
Create a Branch
Create a descriptive branch for your changes following our naming conventions.
git checkout -b feature/add-mitigation
Submit a PR
Open a pull request with a clear description of your changes and any related issues.
git push origin feature/add-mitigation
Need Step-by-Step Guidance?
Our comprehensive contributor guide walks you through the entire process—from setting up your workspace to submitting your pull request. Perfect for first-time contributors!
Read the Full Contributor Guide
Quick Actions
Propose a Technique
Have an idea for a new technique or mitigation? Share it with the community.
Leadership Team
Led by industry experts in cloud-native security, Zero Trust, and software supply chain defense
Frederick Kautz is a distinguished leader in open-source and cloud-native communities, with over 10 years of Kubernetes and Docker experience, and extensive expertise in software supply chain security, Zero Trust, and networking.
Key Achievements
- Co-authored NIST Special Publication 800-204D, defining strategies for software supply chain security in DevSecOps CI/CD pipelines, which significantly influenced the Department of Defense's Enterprise DevSecOps Fundamentals v2.5
- Created in-toto Archivista, an open-source graph and storage service for in-toto attestations, enabling secure discovery and retrieval of software artifact attestations
- Lead Architect at Elevance Health for the Sydney Health app, collaborating with the CISO to define Zero Trust strategy and GCP onboarding
- Emeritus Co-Chair of KubeCon + CloudNativeCon, leading the global cloud-native community through and beyond the COVID phase
Current Leadership Roles
- SPIFFE Steering Committee Member – Driving standards in workload identity and Zero Trust
- OmniBOR and ProtoBOM Co-Creator – Advancing transparency in binary provenance and SBOM practices
- Network Service Mesh Co-Founder – Modernizing network infrastructure for secure, cloud-native networking
- CNCF TAG Security Contributor – Co-author of the Cloud Native Security White Paper
Innovation & Standards
- Defined the CNF: Cloud Native Network Function, transforming network service provider architectures for Kubernetes
- Developed one of the first federated learning platforms for healthcare in 2019, enabling collaborative research while preserving patient privacy
- Founded Red Hat Container Storage Engine, providing storage solutions for containers
- Architected WorkOS at Elevance Health, an enterprise platform streamlining operations with advanced security measures
Community Involvement: Former Program Committee Member for KubeCon EU & NA, Open Networking Summit, Edge Computing World, and former LFPH Technical Advisory Committee Member. Active contributor to CNCF TAG Security, NTIA SBOM Working Group, and various cloud-native initiatives.
