Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

SecureVibes

БесплатноНе проверен

Enables AI-powered security scanning of codebases through conversational analysis, allowing users to assess, threat model, code review, DAST test, and generate

GitHubEmbed

Описание

Enables AI-powered security scanning of codebases through conversational analysis, allowing users to assess, threat model, code review, DAST test, and generate security reports using natural language with Claude.

README

A Model Context Protocol server that provides AI-powered security scanning through conversational analysis. Scan codebases for vulnerabilities using natural language with Claude.

Installation

# Clone the repository
git clone https://github.com/your-org/securevibes_mcp.git
cd securevibes_mcp

# Install with uv
uv sync

Configuration

Add to your Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "securevibes": {
      "command": "uv",
      "args": ["run", "python", "-m", "securevibes_mcp"],
      "cwd": "/path/to/securevibes_mcp"
    }
  }
}

Security Pipeline

SecureVibes uses a sequential pipeline where each stage builds on the previous:

run_assessment → run_threat_modeling → run_code_review → run_dast → generate_report
      ↓                  ↓                   ↓               ↓              ↓
 SECURITY.md    THREAT_MODEL.json   VULNERABILITIES.json  DAST_*.json  scan_results.json
                                                                       scan_report.md

Usage

1. Run Assessment

Analyzes your codebase and creates a security baseline document.

"Run a security assessment on /path/to/my/project"

Creates: .securevibes/SECURITY.md

2. Run Threat Modeling

Performs STRIDE analysis based on the security document.

"Run threat modeling on /path/to/my/project"

Creates: .securevibes/THREAT_MODEL.json

Options:

  • focus_components: Analyze specific components only

3. Run Code Review

Scans code for vulnerability patterns matching identified threats.

"Run code review on /path/to/my/project"

Creates: .securevibes/VULNERABILITIES.json

Options:

  • focus_components: Scan specific paths only (e.g., ["auth", "api"])

4. Run DAST

Tests confirmed vulnerabilities against a running application.

"Run DAST on /path/to/my/project targeting http://localhost:8080"

Creates: .securevibes/DAST_VALIDATION.json

Options:

  • target_url: Base URL of the running application (required)
  • vulnerability_ids: Test specific vulnerabilities only

5. Generate Report

Compiles all findings into comprehensive reports.

"Generate a security report for /path/to/my/project"

Creates: .securevibes/scan_results.json and .securevibes/scan_report.md

Options:

  • format: Output format - json, markdown, or both (default)

6. Check Status

View the state of all security artifacts:

"What's the scan status for /path/to/my/project"

7. Get Artifact

Retrieve any artifact content:

"Show me the THREAT_MODEL.json for /path/to/my/project"

8. Get Vulnerabilities

Query and filter vulnerability data:

"Show me critical vulnerabilities for /path/to/my/project"
"Get SQL injection vulnerabilities (CWE-89) in /path/to/my/project"
"List vulnerabilities in the auth module"

Options:

  • severity: Filter by minimum severity (critical, high, medium, low)
  • cwe_id: Filter by specific CWE (e.g., "CWE-89")
  • file_path: Filter by file path pattern
  • limit: Maximum results (default: 10)

Example Conversation

User: Run a security assessment on /Users/me/myapp

Claude: I've completed the security assessment. Found 45 files across
Python and JavaScript. Detected Flask and React frameworks.

User: Now do threat modeling

Claude: Identified 12 threats across STRIDE categories:
- 3 critical (authentication, SQL injection, privilege escalation)
- 5 high (XSS, session management, data exposure)
- 4 medium (logging, DoS, input validation)

User: Run code review focusing on the auth module

Claude: Found 5 confirmed vulnerabilities in the auth module:
- VULN-001: Hardcoded credentials in config.py:23
- VULN-002: SQL injection in user_lookup.py:45
...

Artifacts

All artifacts are stored in .securevibes/ within your project:

Artifact Description
SECURITY.md Architecture overview, components, data flows
THREAT_MODEL.json STRIDE threats with severity and CVSS ranges
VULNERABILITIES.json Code findings with file locations and CWE IDs
DAST_VALIDATION.json Exploitability test results from dynamic testing
scan_results.json Comprehensive JSON report with all findings
scan_report.md Human-readable Markdown security report

Development

# Run tests
uv run pytest

# Run with coverage
uv run pytest --cov=securevibes_mcp

# Lint
uv run ruff check .

# Format
uv run ruff format .

License

MIT

from github.com/SimonvanAs/secure-vibes-mcp

Установка SecureVibes

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/SimonvanAs/secure-vibes-mcp

FAQ

SecureVibes MCP бесплатный?

Да, SecureVibes MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для SecureVibes?

Нет, SecureVibes работает без API-ключей и переменных окружения.

SecureVibes — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить SecureVibes в Claude Desktop, Claude Code или Cursor?

Открой SecureVibes на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare SecureVibes with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории development