MCP Security Analyst
@gleicon
MCP Security Analyst について
A MCP (Model Context Protocol) server to allow code security reviews using https://osv.dev (Open Source Vulnerabilities Database)
基本情報
設定
ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is MCP Security Analyst?
MCP Security Analyst is a Model Context Protocol server that provides comprehensive security analysis through integration with the OSV.dev vulnerability database, native Go-based code analysis, and Gitleaks v8 secret detection. It is designed for developers and AI assistants needing automated security scanning of dependencies, source code, and repositories.
How to use MCP Security Analyst?
Install by running make deps, make build, and make install, or use a pre-built release. Configure the binary /usr/local/bin/mcp-osv as an MCP server in Cursor IDE or Claude Desktop via stdio transport. Invoke the three built-in tools directly through the MCP interface.
Key features of MCP Security Analyst
- Supply chain vulnerability analysis via OSV.dev API
- Secret detection with 100+ Gitleaks v8 rules
- AST-based Go code analysis for security anti-patterns
- Regex-based pattern matching for common vulnerabilities
- MCP protocol support for AI assistant integration
- Community-vetted detection rules for credentials and keys
Use cases of MCP Security Analyst
- Check dependency versions for known vulnerabilities
- Scan repositories for hardcoded credentials and API keys
- Perform comprehensive security audits of code and dependencies
- Enable AI assistants to run security analysis via natural language
FAQ from MCP Security Analyst
What external services does MCP Security Analyst use?
It queries the OSV.dev vulnerability database for dependency checks and uses the Gitleaks v8 engine for secret detection. Native Go AST analysis runs locally.
What runtime dependencies are required?
Go 1.25.4 or later, plus the Go modules github.com/mark3labs/mcp-go and github.com/zricethezav/gitleaks/v8.
How are detected secrets displayed?
Secrets longer than 8 characters show the first 4 and last 4 characters with "***" in between. Secrets 8 characters or shorter are fully redacted.
What MCP tools does the server expose?
Three tools: check_vulnerabilities (OSV.dev queries), analyze_security (combined code analysis, secret detection, and vulnerability check), and scan_secrets (dedicated Gitleaks secret scanning with optional git history scan).
Does the server have rate limiting?
Yes, OSV.dev API requests are rate-limited to 1 request per second to prevent throttling.
「開発者ツール」の他のコンテンツ
MCP Framework
QuantGeekDevThe Typescript MCP Framework
OpenSumi
opensumiA framework helps you quickly build AI Native IDE products. MCP Client, supports Model Context Protocol (MCP) tools via MCP server.
Unity MCP (Server + Plugin)
IvanMurzakAI Skills, MCP Tools, and CLI for Unity Engine. Full AI develop and test loop. Use cli for quick setup. Efficient token usage, advanced tools. Any C# method may be turned into a tool by a single line. Works with Claude Code, Gemini, Copilot, Cursor and any other absolutely for fr
test
prysmaticlabsGo implementation of Ethereum proof of stake
TalkToFigma
sonnylazuardiTalkToFigma: MCP integration between AI Agent (Cursor, Claude Code, Codex) and Figma, allowing Agentic AI to communicate with Figma for reading designs and modifying them programmatically.
コメント