How to Run MCP Servers with Docker

Escrito por

0 minutos de leitura

MCP servers are integrations that connect to many MCP hosts nowadays, whether you use Cursor, Claude Desktop, or others. However, most of these MCP integrations involve setup instructions that require end-users to install and instantiate the MCP server locally. This is where Docker comes in.

Before we dive into Docker, let’s review a few references showing how popular it is to instruct developers to connect MCP servers over local processes through the STDIO interface.

The following is an example taken from VS Code MCP servers integration reference via its dedicated .vscode/mcp.json file:

{
  "servers": {
    "Perplexity": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-perplexity-ask"],
      "env": {
        "PERPLEXITY_API_KEY": "${input:perplexity-key}"
      }
    }
  }
}

Here’s another example, demonstrating Cursor’s .cursor/mcp.json file:

{
    "mcpServers": {
      "npm-package-info": {
        "command": "node",
        "args": ["/Users/lirantal/projects/repos/mcp-server-npm"]
      },
    }
  }

These examples follow many common usage patterns for MCP servers, which involve running them locally by spawning system processes (in simple terms, “commands”).

It’s not always ideal to run MCP servers by executing commands, so is there an alternative?

Security risks and struggles with locally running MCP Servers

Running MCP servers locally can sometimes be an annoyance. There are also various security concerns with doing so. This is further a challenge beyond the glaring AI security guardrails that developers and security teams need to follow.

A few examples of frustrations developers and security teams will run into when required to run MCP servers locally include:

Local environment setup — For example, if I’m not a Python developer and the MCP server I want to connect with is built in Python and requires pulling upstream dependencies to build and run the project, then this will create further friction and struggle to set up.
Operating system dependency — Another common troubleshooting scenario is that commands need to be specified and composed differently between different operating systems, depending if you’re running on Windows, macOS, or Linux.
Malicious MCP servers — If the MCP server code were malicious, it would immediately have access to everything in my development environment.

Run MCP Servers with Docker

One way to circumvent this is to return to an old and tested methodology of wrapping application artifacts with Docker.

Docker gained its popularity with developers’ needs to build and deploy artifacts such as backend services to the cloud in a standard and repeatable way. Docker also made local testing and reproducibility of microservice architectures a breeze with the Docker Compose file.

Now, Docker is also back to help us with spinning up MCP servers inside Docker containers. Let’s review a few examples of those.

Adding GitHub MCP Server on Docker to Qodo Gen

GitHub’s MCP Server is an integration that gives you access to your GitHub account, allowing you to query repository data and take actions such as opening an issue and other methods you’d drive the GitHub API towards.

To spawn GitHub MCP Server via Docker, we’d normally run a command such as:

docker run -i --rm -e GITHUB_PERSONAL_ACCESS_TOKEN=1234 ghcr.io/github/github-mcp-server

To run that command successfully, you need to:

Have Docker installed so you can run the `docker command
Ensure you have the Docker application running
Create a personal access token (PAT) for your GitHub account (preferably with as least permissions as possible)

Then, executing the command will result in pulling the `github-mcp-server image from the GitHub Container Registry and providing it with the PAT as an environment variable.

However, we don’t need to run this Docker command spontaneously on the CLI but rather provide this command instruction as an MCP Server configuration that runs via process STDIO transport type.

I’ll demonstrate using VS Code and the Qodo Gen agentic AI code tool.

{
    "docker": {
        "command": "docker",
        "args": [
            "run",
            "-i",
            "--rm",
            "-e",
            "GITHUB_PERSONAL_ACCESS_TOKEN",
            "ghcr.io/github/github-mcp-server"
        ],
        "env": {
            "GITHUB_PERSONAL_ACCESS_TOKEN": "github_pat_1234"
        }
    }
}

In Qodo Gen extension view, click on the Tools and then click on the top left button for Add New MCP, which will show you the following New Agentic Tool view. Then we paste the JSON into it and click Save.

Qodo Gen 'New Agentic Tool' view in VS Code with JSON configuration for GitHub MCP Docker setup pasted into the text area.

Now, give it a minute or two until the container pulls the latest Docker image for the GitHub MCP Server from the network and then spins it up. While it’s waiting, you’ll see an indication as follows:

Qodo Gen 'Custom MCPs' list showing a 'Snyk' tool and a 'docker' tool, both toggled on.

Once it has finished loading, you can see all the available tools:

Qodo Gen interface showing the 'docker' MCP (GitHub server) expanded, listing available tools like 'add_issue_comment' and 'create_branch'

Now, we can query right from the chat to ask any questions about the code repository:

MCP Servers security follow-up

If you find yourself relating to the MCP server setup struggles and security concerns in this post, I highly recommend reading up on the following AI security articles to set yourself up for success:

10 best practices for securely developing with AI
Read up on prompt injection and other AI attacks
If you are exploring RAG (Retrieval Augmented Generation) then I highly recommend the following write-up on How to Secure RAG

Ready to approach AI safely?

Download our Buyer’s Guide to Generative AI Code Security to start adopting generative AI coding tools, like GitHub Copilot, Google Gemini, and Amazon CodeWhisperer, without the risk.

A plataforma de segurança para desenvolvedores