Hi,
We would like to integrate AKS CVE related data into AKS MCP to provide up-to-date CVE information to the AKS user. We propose to add the following MCP tools:
az_aks_cve_get_security_bulletins: Get comprehensive AKS security bulletins and CVE advisories
az_aks_cve_get_active_versions: Get currently supported AKS, VHD, and K8S release versions
az_aks_get_cve_status_by_component: Get CVE status and impact analysis for specific components across release categories
The data will be retrieved from public data endpoint: https://cve-api.prod-aks.azure.com/ (AKS CVE API, sample data) and https://releases.aks.azure.com/ (release tracker).
We aim to use the above tools allow user to query about live CVEs and mitigation status from their AKS clusters, example scenarios:
- list AKS managed addons impacted by CVE X
- tell me how to mitigate CVE Y in my cluster (using
az_aks_get_cve_status_by_component)
- tell me about the impact of nginx ingress CVE
CVE-2025-1098 (using az_aks_cve_get_security_bulletins)
- ...
We will also provide sample prompts to help the user troubleshoot / investigate usages around the vulneriabilities in their AKS clusters. @feiskyer / @julia-yin do you have any objections / concerns for us to implement above tools?
cc @riyac12
Hi,
We would like to integrate AKS CVE related data into AKS MCP to provide up-to-date CVE information to the AKS user. We propose to add the following MCP tools:
az_aks_cve_get_security_bulletins: Get comprehensive AKS security bulletins and CVE advisoriesaz_aks_cve_get_active_versions: Get currently supported AKS, VHD, and K8S release versionsaz_aks_get_cve_status_by_component: Get CVE status and impact analysis for specific components across release categoriesThe data will be retrieved from public data endpoint:
https://cve-api.prod-aks.azure.com/(AKS CVE API, sample data) andhttps://releases.aks.azure.com/(release tracker).We aim to use the above tools allow user to query about live CVEs and mitigation status from their AKS clusters, example scenarios:
az_aks_get_cve_status_by_component)CVE-2025-1098(usingaz_aks_cve_get_security_bulletins)We will also provide sample prompts to help the user troubleshoot / investigate usages around the vulneriabilities in their AKS clusters. @feiskyer / @julia-yin do you have any objections / concerns for us to implement above tools?
cc @riyac12