TridentChain Security
БесплатноНе проверенLocal supply-chain CVE scanner via OSV/NVD. Scans deps and IDE extensions. No upload.
Описание
Local supply-chain CVE scanner via OSV/NVD. Scans deps and IDE extensions. No upload.
README
PyPI — tridentchain-security PyPI — tridentchain-mcp PyPI Downloads MCP Registry Python License: MIT Works with Claude · Cursor · VS Code · Windsurf · Zed
Local-first vulnerability scanner for project dependencies, developer tools, and IDE extensions.
Uses multi-source intelligence (OSV, NVD, GHSA, Sonatype) with KEV/EPSS prioritization.
No API key required for default usage.
Public repo: https://github.com/DevInder1/supply-chain-scanner-public
Install (plug and play)
pip3 install tridentchain-security
npm install -g @tridentchain/security-cli
tridentchain-security --help
Agents & MCP (Claude, Cursor, VS Code):
pip3 install "tridentchain-security>=0.1.1" tridentchain-mcp
What you can do: docs/CAPABILITIES.md
Full guide: docs/INSTALL_AND_USE.md
Cross-platform (macOS / Linux / Windows): docs/CROSS_PLATFORM.md
(PyPI: tridentchain-security · npm: @tridentchain/security-cli)
tridentchain-security --scan all --project-path . --output-dir scanner-output
Use in your own Python app
from scanner import run_scan
summary = run_scan(
project_path=".",
scan="all",
run_profile="full", # no API key required
output_dir="scanner-output",
)
print(summary["summary"])
Scan profiles
| Profile | Description |
|---|---|
full (default) |
Project + system + extensions. OSV + NVD without keys. |
quick |
Faster project-focused scan. |
offline |
Local advisory DB only, no network. |
| Power-user | Add GITHUB_TOKEN, NVD_API_KEY, optional SONATYPE_TOKEN for best coverage. |
Desktop app (individual application)
No repo clone required if the pip package is installed:
pip3 install tridentchain-security
cd apps/desktop && npm install && npm run start
See apps/desktop/README.md and docs/DISTRIBUTION_VERIFICATION.md.
AI / automation (Claude, OpenAI, Cursor, VS Code, Windsurf, …)
One install, every agent: pip install "tridentchain-security>=0.1.2" tridentchain-mcp
| Guide | Description |
|---|---|
| Agent integrations | Claude · OpenAI · Cursor · VS Code · Windsurf · Zed · MCP · CLI |
| Capabilities | Everything you can do today |
| Architecture | MCP + unified tools design |
./scripts/setup-agent-mcp.sh cursor # prints setup for your agent
Phase 2 — Claude MCP: pip install tridentchain-mcp · Setup guide · Plugin
Phase 3 — OpenAI + Cursor: examples/openai/ · Cursor setup · .cursor/mcp.json.example
Phase 4 — VS Code (Anthropic MCP): Open repo → MCP ready · VS Code setup · ./scripts/vscode-mcp-install-link.sh · extension
Phase 5 — Validate: tridentchain-security --validate · MCP validate_after_patch · CAPABILITIES.md
Unified tool layer: from scanner.integrations import execute_tool, get_tool_definitions, to_openai_tools
Development
git clone https://github.com/DevInder1/supply-chain-scanner-public.git
cd supply-chain-scanner-public
python3 -m pip install -e .
tridentchain-security --help
python3 -m unittest scanner.tests.test_matcher_ranges -v
Install & use: docs/INSTALL_AND_USE.md
Cross-platform: docs/CROSS_PLATFORM.md
CLI contract: docs/cli-contract.md
Publishing: docs/PUBLISHING.md
Optional API keys (power users)
| Variable | Purpose |
|---|---|
NVD_API_KEY |
Higher NVD rate limits |
GITHUB_TOKEN |
GHSA advisories |
SONATYPE_TOKEN |
Sonatype Guide advisories |
Set in .env or environment variables.
License
MIT — see LICENSE
Установить TridentChain Security в Claude Desktop, Claude Code, Cursor
unyly install tridentchain-securityСтавит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.
Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh
Или настроить вручную
Выполни в терминале:
claude mcp add tridentchain-security -- uvx tridentchain-mcpFAQ
TridentChain Security MCP бесплатный?
Да, TridentChain Security MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для TridentChain Security?
Нет, TridentChain Security работает без API-ключей и переменных окружения.
TridentChain Security — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить TridentChain Security в Claude Desktop, Claude Code или Cursor?
Открой TridentChain Security на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare TridentChain Security with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
