MCP Security Scans
@mcp-research
MCP Security Scans について
Research project by
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"mcp-security-scans": {
"command": "python",
"args": [
"-m",
"venv",
".venv"
]
}
}
}ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is MCP Security Scans?
MCP Security Scans is a Python script that automates forking repositories from the mcp-agents-ai/mcp-agents-hub and enabling GitHub Advanced Security (GHAS) features on the forks. It is designed for developers and security teams who want to centralize and secure MCP server configurations.
How to use MCP Security Scans?
Clone the repository, create a Python virtual environment, install dependencies from requirements.txt and requirements-dev.txt, set up a GitHub App with required permissions, then set the GH_APP_ID and GH_APP_PRIVATE_KEY environment variables. Run python -m src.process_mcp_repos to fork and enable security features; optionally use --target-org to specify a different target organization.
Key features of MCP Security Scans
- Supports loading MCP server configurations from multiple repository sources.
- Authenticates with GitHub using a GitHub App.
- Forks repositories into a specified target organization.
- Checks for existing forks before creating new ones.
- Enables Dependency Scanning, Security Fixes, Secret Scanning, and Code Scanning.
- Reports total repos processed and Dependabot configuration status.
Use cases of MCP Security Scans
- Automate centralizing MCP server repositories under a single organization.
- Enforce baseline security scanning on all forked MCP repositories.
- Identify which forks lack a Dependabot configuration for dependency updates.
- Integrate security compliance into an MCP repository management pipeline.
FAQ from MCP Security Scans
What dependencies are required?
Python 3, a virtual environment, and packages listed in requirements.txt and requirements-dev.txt.
How do I authenticate with GitHub?
You must create a GitHub App, grant it the necessary repository and organization permissions, install it on the target organization, and set the GH_APP_ID and GH_APP_PRIVATE_KEY environment variables.
What GitHub Advanced Security features does it enable?
It enables Dependency Scanning (Vulnerability Alerts), Automated Security Fixes, Secret Scanning, and Code Scanning with Default Setup (where supported).
Can I fork repositories into a different organization?
Yes, use the --target-org argument when running the script; the default organization is mcp-research.
How does the script handle already-forked repositories?
It checks if a fork already exists before attempting to create one, avoiding duplicate forks.
「開発者ツール」の他のコンテンツ
OpenSumi
opensumiA framework helps you quickly build AI Native IDE products. MCP Client, supports Model Context Protocol (MCP) tools via MCP server.
Burp Suite MCP Server Extension
PortSwiggerMCP Server for Burp
Hello World MCP Server (Reference Extension)
anthropicsDesktop Extensions: One-click local MCP server installation in desktop apps
Deepwiki MCP Server
regenrek📖 MCP server for fetch deepwiki.com and get latest knowledge in Cursor and other Code Editors
Grafana MCP server
grafanaMCP server for Grafana
コメント