MCP Security Analyst
@gleicon
关于 MCP Security Analyst
A MCP (Model Context Protocol) server to allow code security reviews using https://osv.dev (Open Source Vulnerabilities Database)
基本信息
配置
工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is MCP Security Analyst?
MCP Security Analyst is a Model Context Protocol server that provides comprehensive security analysis through integration with the OSV.dev vulnerability database, native Go-based code analysis, and Gitleaks v8 secret detection. It is designed for developers and AI assistants needing automated security scanning of dependencies, source code, and repositories.
How to use MCP Security Analyst?
Install by running make deps, make build, and make install, or use a pre-built release. Configure the binary /usr/local/bin/mcp-osv as an MCP server in Cursor IDE or Claude Desktop via stdio transport. Invoke the three built-in tools directly through the MCP interface.
Key features of MCP Security Analyst
- Supply chain vulnerability analysis via OSV.dev API
- Secret detection with 100+ Gitleaks v8 rules
- AST-based Go code analysis for security anti-patterns
- Regex-based pattern matching for common vulnerabilities
- MCP protocol support for AI assistant integration
- Community-vetted detection rules for credentials and keys
Use cases of MCP Security Analyst
- Check dependency versions for known vulnerabilities
- Scan repositories for hardcoded credentials and API keys
- Perform comprehensive security audits of code and dependencies
- Enable AI assistants to run security analysis via natural language
FAQ from MCP Security Analyst
What external services does MCP Security Analyst use?
It queries the OSV.dev vulnerability database for dependency checks and uses the Gitleaks v8 engine for secret detection. Native Go AST analysis runs locally.
What runtime dependencies are required?
Go 1.25.4 or later, plus the Go modules github.com/mark3labs/mcp-go and github.com/zricethezav/gitleaks/v8.
How are detected secrets displayed?
Secrets longer than 8 characters show the first 4 and last 4 characters with "***" in between. Secrets 8 characters or shorter are fully redacted.
What MCP tools does the server expose?
Three tools: check_vulnerabilities (OSV.dev queries), analyze_security (combined code analysis, secret detection, and vulnerability check), and scan_secrets (dedicated Gitleaks secret scanning with optional git history scan).
Does the server have rate limiting?
Yes, OSV.dev API requests are rate-limited to 1 request per second to prevent throttling.
开发工具 分类下的更多 MCP 服务器
Test
x1xhlolFULL Augment Code, Claude Code, Cluely, CodeBuddy, Comet, Cursor, Devin AI, Junie, Kiro, Leap.new, Lovable, Manus, NotionAI, Orchids.app, Perplexity, Poke, Qoder, Replit, Same.dev, Trae, Traycer AI, VSCode Agent, Warp.dev, Windsurf, Xcode, Z.ai Code, Dia & v0. (And other Open Sou
JetBrains MCP Proxy Server
JetBrainsA model context protocol server to work with JetBrains IDEs: IntelliJ, PyCharm, WebStorm, etc. Also, works with Android Studio
FastAPI-MCP
tadata-orgExpose your FastAPI endpoints as Model Context Protocol (MCP) tools, with Auth!
MCP Unity Editor (Game Engine)
CoderGamesterModel Context Protocol (MCP) plugin to connect with Unity Editor — designed for Cursor, Claude Code, Codex, Windsurf and other IDEs
sentry-mcp
getsentryAn MCP server for interacting with Sentry via LLMs.
评论