Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Secscan

БесплатноНе проверен

MCP server for Cursor that scans codebases for security issues including hardcoded secrets, SAST, vulnerable dependencies, and IaC misconfigurations.

GitHubEmbed

Описание

MCP server for Cursor that scans codebases for security issues including hardcoded secrets, SAST, vulnerable dependencies, and IaC misconfigurations.

README

CI PyPI Python

A portable MCP server for security scanning — works with any AI coding assistant that supports the Model Context Protocol: Cursor, VS Code, Claude Desktop, Windsurf, Zed, Continue, and more.

Scan codebases for hardcoded secrets, SAST issues, vulnerable dependencies, and IaC misconfigurations — one install, one normalized report format.

The built-in custom scanner works with no extra tools. Install optional CLIs for broader coverage (below).

Quick start

Requires Python 3.11+. If pip install secscan-mcp says "No matching distribution found", your default python3 is likely too old — use python3.11 -m pip install secscan-mcp or install Python 3.11+ first.

1. Install from PyPI:

pip install secscan-mcp
# or explicitly:
python3.11 -m pip install secscan-mcp

Or run without installing (requires uv):

uvx secscan-mcp

For MCP config with uvx, use "command": "uvx" and "args": ["secscan-mcp"] — see setup guide.

Install from source
git clone https://github.com/openjkai/secscan_mcp.git
cd secscan_mcp && pip install .

2. Add to your IDE — pick your client:

IDE / client Config file Guide
Cursor ~/.cursor/mcp.json setup →
VS Code .vscode/mcp.json setup →
Claude Desktop OS-specific (see guide) setup →
Claude Code ~/.claude/settings.json setup →
Windsurf ~/.codeium/windsurf/mcp_config.json setup →
Others Full setup guide

Minimal config (works in Cursor, Claude Desktop, Windsurf):

{
  "mcpServers": {
    "secscan": {
      "command": "uvx",
      "args": ["secscan-mcp"]
    }
  }
}

If you installed with pip install secscan-mcp, you can use "command": "secscan-mcp" instead.

3. Verify — ask your agent: "Call list_available_scanners and scan_secrets on this project."

MCP tools

Tool Purpose
list_available_scanners Which engines are installed on this machine
scan_secrets Hardcoded credentials and secrets (optionally scan git commit history)
scan_code SAST (semgrep, bandit)
scan_dependencies Vulnerable packages (osv-scanner)
scan_iac IaC misconfigurations (checkov)
scan_all All available scanners, one unified report
explain_finding Remediation hints for a rule_id

Most scan tools accept path (directory to scan) and optional severity_threshold (critical, high, medium, low, info).

scan_secrets also accepts include_git_history (boolean). When true, scans past git commits for secrets removed from the working tree but still present in history — no extra tools required beyond git.

Optional scanners

Install any of these to extend coverage. Missing CLIs are skipped — the server still runs.

Engine Category Install (example)
gitleaks secrets brew install gitleaks
semgrep SAST pip install semgrep
bandit SAST (Python) pip install bandit
osv-scanner dependencies brew install osv-scanner
checkov IaC pip install checkov

After installing, run list_available_scanners again to confirm.

Example prompts

  • "Call list_available_scanners and tell me what's installed."
  • "Run scan_secrets with include_git_history on this repo — check if any secrets were ever committed."
  • "Run scan_all with severity_threshold high and summarize the findings."
  • "Explain the rule internal-api-key."

Configuration

Environment variables (optional):

Variable Default Description
SECSCAN_DEFAULT_TIMEOUT_SECONDS 300 Per-engine scan timeout
SECSCAN_MAX_FINDINGS 500 Max findings per report
SECSCAN_GIT_MAX_COMMITS 500 Max commits scanned in git history mode

Pass via MCP config env block — see setup guide.

Development

make install-dev   # editable install + dev tools
make check         # lint + typecheck + test

See docs/CONTRIBUTING.md and PLAN.md.

License

MIT

from github.com/openjkai/secscan_mcp

Установить Secscan в Claude Desktop, Claude Code, Cursor

Рекомендуется · одна команда, все IDE
unyly install secscan-mcp

Ставит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.

Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh

Или настроить вручную

Выполни в терминале:

claude mcp add secscan-mcp -- uvx secscan-mcp

FAQ

Secscan MCP бесплатный?

Да, Secscan MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Secscan?

Нет, Secscan работает без API-ключей и переменных окружения.

Secscan — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить Secscan в Claude Desktop, Claude Code или Cursor?

Открой Secscan на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Secscan with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории development