MCP.so
Sign In

MCP Security Analyst

@gleicon

About MCP Security Analyst

A MCP (Model Context Protocol) server to allow code security reviews using https://osv.dev (Open Source Vulnerabilities Database)

Basic information

Category

Developer Tools

Runtime

go

Transports

stdio

Publisher

gleicon

Config

No standard config provided

This server doesn't expose a parseable MCP config block in its README. See the repository for install instructions.

Repository

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is MCP Security Analyst?

MCP Security Analyst is a Model Context Protocol server that provides comprehensive security analysis through integration with the OSV.dev vulnerability database, native Go-based code analysis, and Gitleaks v8 secret detection. It is designed for developers and AI assistants needing automated security scanning of dependencies, source code, and repositories.

How to use MCP Security Analyst?

Install by running make deps, make build, and make install, or use a pre-built release. Configure the binary /usr/local/bin/mcp-osv as an MCP server in Cursor IDE or Claude Desktop via stdio transport. Invoke the three built-in tools directly through the MCP interface.

Key features of MCP Security Analyst

  • Supply chain vulnerability analysis via OSV.dev API
  • Secret detection with 100+ Gitleaks v8 rules
  • AST-based Go code analysis for security anti-patterns
  • Regex-based pattern matching for common vulnerabilities
  • MCP protocol support for AI assistant integration
  • Community-vetted detection rules for credentials and keys

Use cases of MCP Security Analyst

  • Check dependency versions for known vulnerabilities
  • Scan repositories for hardcoded credentials and API keys
  • Perform comprehensive security audits of code and dependencies
  • Enable AI assistants to run security analysis via natural language

FAQ from MCP Security Analyst

What external services does MCP Security Analyst use?

It queries the OSV.dev vulnerability database for dependency checks and uses the Gitleaks v8 engine for secret detection. Native Go AST analysis runs locally.

What runtime dependencies are required?

Go 1.25.4 or later, plus the Go modules github.com/mark3labs/mcp-go and github.com/zricethezav/gitleaks/v8.

How are detected secrets displayed?

Secrets longer than 8 characters show the first 4 and last 4 characters with "***" in between. Secrets 8 characters or shorter are fully redacted.

What MCP tools does the server expose?

Three tools: check_vulnerabilities (OSV.dev queries), analyze_security (combined code analysis, secret detection, and vulnerability check), and scan_secrets (dedicated Gitleaks secret scanning with optional git history scan).

Does the server have rate limiting?

Yes, OSV.dev API requests are rate-limited to 1 request per second to prevent throttling.

Comments

More Developer Tools MCP servers