MCP.so
ログイン

MCP Security Analyst

@gleicon

MCP Security Analyst について

A MCP (Model Context Protocol) server to allow code security reviews using https://osv.dev (Open Source Vulnerabilities Database)

基本情報

カテゴリ

開発者ツール

ランタイム

go

トランスポート

stdio

公開者

gleicon

設定

標準の設定はありません

このサーバーの README には解析可能な MCP 設定ブロックが含まれていません。インストール手順はリポジトリをご確認ください。

リポジトリ

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is MCP Security Analyst?

MCP Security Analyst is a Model Context Protocol server that provides comprehensive security analysis through integration with the OSV.dev vulnerability database, native Go-based code analysis, and Gitleaks v8 secret detection. It is designed for developers and AI assistants needing automated security scanning of dependencies, source code, and repositories.

How to use MCP Security Analyst?

Install by running make deps, make build, and make install, or use a pre-built release. Configure the binary /usr/local/bin/mcp-osv as an MCP server in Cursor IDE or Claude Desktop via stdio transport. Invoke the three built-in tools directly through the MCP interface.

Key features of MCP Security Analyst

  • Supply chain vulnerability analysis via OSV.dev API
  • Secret detection with 100+ Gitleaks v8 rules
  • AST-based Go code analysis for security anti-patterns
  • Regex-based pattern matching for common vulnerabilities
  • MCP protocol support for AI assistant integration
  • Community-vetted detection rules for credentials and keys

Use cases of MCP Security Analyst

  • Check dependency versions for known vulnerabilities
  • Scan repositories for hardcoded credentials and API keys
  • Perform comprehensive security audits of code and dependencies
  • Enable AI assistants to run security analysis via natural language

FAQ from MCP Security Analyst

What external services does MCP Security Analyst use?

It queries the OSV.dev vulnerability database for dependency checks and uses the Gitleaks v8 engine for secret detection. Native Go AST analysis runs locally.

What runtime dependencies are required?

Go 1.25.4 or later, plus the Go modules github.com/mark3labs/mcp-go and github.com/zricethezav/gitleaks/v8.

How are detected secrets displayed?

Secrets longer than 8 characters show the first 4 and last 4 characters with "***" in between. Secrets 8 characters or shorter are fully redacted.

What MCP tools does the server expose?

Three tools: check_vulnerabilities (OSV.dev queries), analyze_security (combined code analysis, secret detection, and vulnerability check), and scan_secrets (dedicated Gitleaks secret scanning with optional git history scan).

Does the server have rate limiting?

Yes, OSV.dev API requests are rate-limited to 1 request per second to prevent throttling.

コメント

「開発者ツール」の他のコンテンツ