MCP Security Analyst
@gleicon
About MCP Security Analyst
A MCP (Model Context Protocol) server to allow code security reviews using https://osv.dev (Open Source Vulnerabilities Database)
Basic information
Config
No standard config provided
This server doesn't expose a parseable MCP config block in its README. See the repository for install instructions.
RepositoryTools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is MCP Security Analyst?
MCP Security Analyst is a Model Context Protocol server that provides comprehensive security analysis through integration with the OSV.dev vulnerability database, native Go-based code analysis, and Gitleaks v8 secret detection. It is designed for developers and AI assistants needing automated security scanning of dependencies, source code, and repositories.
How to use MCP Security Analyst?
Install by running make deps, make build, and make install, or use a pre-built release. Configure the binary /usr/local/bin/mcp-osv as an MCP server in Cursor IDE or Claude Desktop via stdio transport. Invoke the three built-in tools directly through the MCP interface.
Key features of MCP Security Analyst
- Supply chain vulnerability analysis via OSV.dev API
- Secret detection with 100+ Gitleaks v8 rules
- AST-based Go code analysis for security anti-patterns
- Regex-based pattern matching for common vulnerabilities
- MCP protocol support for AI assistant integration
- Community-vetted detection rules for credentials and keys
Use cases of MCP Security Analyst
- Check dependency versions for known vulnerabilities
- Scan repositories for hardcoded credentials and API keys
- Perform comprehensive security audits of code and dependencies
- Enable AI assistants to run security analysis via natural language
FAQ from MCP Security Analyst
What external services does MCP Security Analyst use?
It queries the OSV.dev vulnerability database for dependency checks and uses the Gitleaks v8 engine for secret detection. Native Go AST analysis runs locally.
What runtime dependencies are required?
Go 1.25.4 or later, plus the Go modules github.com/mark3labs/mcp-go and github.com/zricethezav/gitleaks/v8.
How are detected secrets displayed?
Secrets longer than 8 characters show the first 4 and last 4 characters with "***" in between. Secrets 8 characters or shorter are fully redacted.
What MCP tools does the server expose?
Three tools: check_vulnerabilities (OSV.dev queries), analyze_security (combined code analysis, secret detection, and vulnerability check), and scan_secrets (dedicated Gitleaks secret scanning with optional git history scan).
Does the server have rate limiting?
Yes, OSV.dev API requests are rate-limited to 1 request per second to prevent throttling.
More Developer Tools MCP servers
sentry-mcp
getsentryAn MCP server for interacting with Sentry via LLMs.
Grafana MCP server
grafanaMCP server for Grafana
Code Index MCP
johnhuang316A Model Context Protocol (MCP) server that helps large language models index, search, and analyze code repositories with minimal setup
DevDocs by CyberAGI 🚀
cyberagiincCompletely free, private, UI based Tech Documentation MCP server. Designed for coders and software developers in mind. Easily integrate into Cursor, Windsurf, Cline, Roo Code, Claude Desktop App
MCP-Bridge
SecretiveShellA middleware to provide an openAI compatible endpoint that can call MCP tools
Comments