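# MCP-SAST-Server configuration (dotenv format)
# Copy this file to .env and update with your settings.
#
# One KEY=VALUE per line. Comments are kept on their own lines on purpose:
# some env-file loaders do not strip a trailing "# ..." and would store it
# as part of the value (e.g. "3600 # 1 hour" instead of "3600").

# --- Server Configuration ---

# TCP port the API listens on.
# NOTE: 6000 is on the "unsafe ports" list of Chromium-based browsers (it is
# the X11 port), so browser-based clients may refuse to connect to it; pick a
# different port if the API is ever reached from a browser.
API_PORT=6000
# 1 = on, 0 = off. Keep it 0 outside local development; debug output is
# typically more verbose than what should reach clients.
DEBUG_MODE=0

# --- Command Execution Timeouts (in seconds) ---

# Default timeout for commands (1 hour).
# Presumably must not exceed MAX_TIMEOUT below - confirm with the server code.
COMMAND_TIMEOUT=3600
# Maximum timeout allowed (24 hours default - can be set higher if needed).
# For scans that take days, increase this value (e.g., 259200 for 3 days).
MAX_TIMEOUT=86400

# --- Tool-Specific Timeouts (in seconds) ---
# Increase these values for larger codebases or more thorough scans.
# Set to 0 for unlimited timeout (not recommended for production): a hung tool
# would then hold its scan slot indefinitely and, with MAX_PARALLEL_SCANS=1
# below, stall the whole scan queue.

# Web Security Tools
# 1 hour - Web server vulnerability scanning
NIKTO_TIMEOUT=3600
# 2 hours - SQL injection testing
SQLMAP_TIMEOUT=7200
# 1 hour - WordPress security scanning
WPSCAN_TIMEOUT=3600
# 2 hours - Web content discovery
DIRB_TIMEOUT=7200

# Network & System Tools
# 2 hours - Network/port scanning
NMAP_TIMEOUT=7200
# 30 minutes - System auditing
LYNIS_TIMEOUT=1800

# Code Analysis Tools
# 2 hours - Multi-language SAST
SEMGREP_TIMEOUT=7200
# 30 minutes - Python security scanning
BANDIT_TIMEOUT=1800
# 1 hour - Dependency scanning
SNYK_TIMEOUT=3600

# Secret & Malware Scanning
# 1 hour - Secret detection
TRUFFLEHOG_TIMEOUT=3600
# 4 hours - Antivirus/malware scanning
CLAMAV_TIMEOUT=14400

# For very large projects or comprehensive scans, consider:
# - NMAP_TIMEOUT=28800 (8 hours for full network scans)
# - SQLMAP_TIMEOUT=21600 (6 hours for thorough SQLi testing)
# - CLAMAV_TIMEOUT=43200 (12 hours for full malware scans)
# - MAX_TIMEOUT=259200 (3 days for extended operations)

# --- Background Job Configuration ---
# All scans run in background by default and save results to files.

# Default directory for scan results.
# Result files can contain sensitive findings (e.g. secrets reported by the
# TruffleHog scan, vulnerability details), so restrict this directory to the
# service account (e.g. mode 0700) and keep it out of any web-served path.
DEFAULT_OUTPUT_DIR=/var/sast-mcp/scan-results
# Maximum concurrent scan jobs.
# How this interacts with MAX_PARALLEL_SCANS below is not documented here;
# verify against the server code before raising either value.
MAX_WORKERS=10
# Keep job metadata for 72 hours (3 days).
# Whether result files under DEFAULT_OUTPUT_DIR are removed on expiry is not
# stated here; verify if results must not linger on disk.
JOB_RETENTION_HOURS=72

# --- Serial Scan Queue Configuration ---
# Controls how many scans can run simultaneously.

# Default: 1 (serial execution, one scan at a time).
# Prevents multiple processes from running when Claude makes multiple requests.
# Increase to 2-3 only if you have sufficient resources.
MAX_PARALLEL_SCANS=1
# Wait timeout in seconds (default: 1800 = 30 minutes) - time a scan will wait
# for its turn before timing out.
SCAN_WAIT_TIMEOUT=1800

# --- Path Resolution (for Windows/Linux path mapping) ---
# Adjust these based on your mount configuration.
# WINDOWS_BASE is the Windows-side prefix that is rewritten to MOUNT_POINT.
MOUNT_POINT=/mnt/work
WINDOWS_BASE=F:/work

# Examples for different setups:
#
# Example 1: VMware shared folder - F:/work mounted to /mnt/work (RECOMMENDED for this setup)
# MOUNT_POINT=/mnt/work
# WINDOWS_BASE=F:/work
# Result: F:/work/MyProject/file.txt -> /mnt/work/MyProject/file.txt
# F:/work/scan-results/output.json -> /mnt/work/scan-results/output.json
# Use case: You have Windows F:/work/ folder mounted in Kali as /mnt/work
#
# Example 2: VMware shared folder - Entire F: drive mounted to /mnt/work
# MOUNT_POINT=/mnt/work
# WINDOWS_BASE=F:/
# Result: F:/MyProject/file.txt -> /mnt/work/MyProject/file.txt
# F:/work/project/file.txt -> /mnt/work/work/project/file.txt
#
# Example 3: WSL2 mount (specific folder)
# MOUNT_POINT=/mnt/f/work
# WINDOWS_BASE=F:/work
# Result: F:/work/project/file.txt -> /mnt/f/work/project/file.txt
#
# Example 4: Network share
# MOUNT_POINT=/mnt/windows_share
# WINDOWS_BASE=//192.168.1.10/share
#
# Example 5: VirtualBox shared folder
# MOUNT_POINT=/media/sf_work
# WINDOWS_BASE=F:/work
#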