MCP.so
Sign In

MCP Security Scans

@mcp-research

About MCP Security Scans

Research project by

Basic information

Category

Developer Tools

License

MIT license

Runtime

python

Transports

stdio

Publisher

mcp-research

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "mcp-security-scans": {
      "command": "python",
      "args": [
        "-m",
        "venv",
        ".venv"
      ]
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is MCP Security Scans?

MCP Security Scans is a Python script that automates forking repositories from the mcp-agents-ai/mcp-agents-hub and enabling GitHub Advanced Security (GHAS) features on the forks. It is designed for developers and security teams who want to centralize and secure MCP server configurations.

How to use MCP Security Scans?

Clone the repository, create a Python virtual environment, install dependencies from requirements.txt and requirements-dev.txt, set up a GitHub App with required permissions, then set the GH_APP_ID and GH_APP_PRIVATE_KEY environment variables. Run python -m src.process_mcp_repos to fork and enable security features; optionally use --target-org to specify a different target organization.

Key features of MCP Security Scans

  • Supports loading MCP server configurations from multiple repository sources.
  • Authenticates with GitHub using a GitHub App.
  • Forks repositories into a specified target organization.
  • Checks for existing forks before creating new ones.
  • Enables Dependency Scanning, Security Fixes, Secret Scanning, and Code Scanning.
  • Reports total repos processed and Dependabot configuration status.

Use cases of MCP Security Scans

  • Automate centralizing MCP server repositories under a single organization.
  • Enforce baseline security scanning on all forked MCP repositories.
  • Identify which forks lack a Dependabot configuration for dependency updates.
  • Integrate security compliance into an MCP repository management pipeline.

FAQ from MCP Security Scans

What dependencies are required?

Python 3, a virtual environment, and packages listed in requirements.txt and requirements-dev.txt.

How do I authenticate with GitHub?

You must create a GitHub App, grant it the necessary repository and organization permissions, install it on the target organization, and set the GH_APP_ID and GH_APP_PRIVATE_KEY environment variables.

What GitHub Advanced Security features does it enable?

It enables Dependency Scanning (Vulnerability Alerts), Automated Security Fixes, Secret Scanning, and Code Scanning with Default Setup (where supported).

Can I fork repositories into a different organization?

Yes, use the --target-org argument when running the script; the default organization is mcp-research.

How does the script handle already-forked repositories?

It checks if a fork already exists before attempting to create one, avoiding duplicate forks.

Comments

More Developer Tools MCP servers