MCP Security Scans
@mcp-research
关于 MCP Security Scans
Research project by
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"mcp-security-scans": {
"command": "python",
"args": [
"-m",
"venv",
".venv"
]
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is MCP Security Scans?
MCP Security Scans is a Python script that automates forking repositories from the mcp-agents-ai/mcp-agents-hub and enabling GitHub Advanced Security (GHAS) features on the forks. It is designed for developers and security teams who want to centralize and secure MCP server configurations.
How to use MCP Security Scans?
Clone the repository, create a Python virtual environment, install dependencies from requirements.txt and requirements-dev.txt, set up a GitHub App with required permissions, then set the GH_APP_ID and GH_APP_PRIVATE_KEY environment variables. Run python -m src.process_mcp_repos to fork and enable security features; optionally use --target-org to specify a different target organization.
Key features of MCP Security Scans
- Supports loading MCP server configurations from multiple repository sources.
- Authenticates with GitHub using a GitHub App.
- Forks repositories into a specified target organization.
- Checks for existing forks before creating new ones.
- Enables Dependency Scanning, Security Fixes, Secret Scanning, and Code Scanning.
- Reports total repos processed and Dependabot configuration status.
Use cases of MCP Security Scans
- Automate centralizing MCP server repositories under a single organization.
- Enforce baseline security scanning on all forked MCP repositories.
- Identify which forks lack a Dependabot configuration for dependency updates.
- Integrate security compliance into an MCP repository management pipeline.
FAQ from MCP Security Scans
What dependencies are required?
Python 3, a virtual environment, and packages listed in requirements.txt and requirements-dev.txt.
How do I authenticate with GitHub?
You must create a GitHub App, grant it the necessary repository and organization permissions, install it on the target organization, and set the GH_APP_ID and GH_APP_PRIVATE_KEY environment variables.
What GitHub Advanced Security features does it enable?
It enables Dependency Scanning (Vulnerability Alerts), Automated Security Fixes, Secret Scanning, and Code Scanning with Default Setup (where supported).
Can I fork repositories into a different organization?
Yes, use the --target-org argument when running the script; the default organization is mcp-research.
How does the script handle already-forked repositories?
It checks if a fork already exists before attempting to create one, avoiding duplicate forks.
开发工具 分类下的更多 MCP 服务器
test
harlancA simple,high performance and secure live media server in pure Rust (RTMP[cluster]/RTSP/WebRTC[whip/whep]/HTTP-FLV/HLS).🦀
MCP Unity Editor (Game Engine)
CoderGamesterModel Context Protocol (MCP) plugin to connect with Unity Editor — designed for Cursor, Claude Code, Codex, Windsurf and other IDEs
Serena
oraiosA powerful MCP toolkit for coding, providing semantic retrieval and editing capabilities - the IDE for your agent
OpenSumi
opensumiA framework helps you quickly build AI Native IDE products. MCP Client, supports Model Context Protocol (MCP) tools via MCP server.
Code Index MCP
johnhuang316A Model Context Protocol (MCP) server that helps large language models index, search, and analyze code repositories with minimal setup
评论