Security MCP Server

by michoo

Objectives

This repository is a simple proof-of-concept (PoC) MCP server for testing and evaluating the Model Context Protocol (MCP) and its integration. It was used to assess how security tools can be integrated within an IDE environment and to demonstrate the advantages of leveraging generative AI to support remediation workflows based on report findings.

What is MCP?

The Model Context Protocol (MCP) is a standard that streamlines interaction between AI models and various tools via a client-server architecture:

  • MCP Clients (e.g., VSCode) connect to MCP Servers to request actions on behalf of the model.

  • MCP Servers provide tools with defined functionalities using a clear and structured interface.

  • MCP standardizes communication through message protocols for tool discovery, invocation, and response handling.

Example Use Case:
A file system MCP server might enable interaction with tools for reading, writing, or searching files and directories. Analogously, GitHub's MCP server can list repositories, create pull requests, or manage issues.

By standardizing model-tool interactions, MCP eliminates the need for custom integrations between each model and each tool. It also extends the capabilities of your AI assistant by allowing new MCP servers to integrate seamlessly into your workspace.

👉 For more details, explore the Model Context Protocol specification.
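
The discovery, invocation and response messages described above, as an added example (not code from this repository): a minimal JSON-RPC handler for MCP's `tools/list` and `tools/call` methods. The `scan_secrets` tool name, its schema and the workspace-confinement check are assumptions for illustration, and the file count stands in for a real scanner run.

```python
import json
from pathlib import Path

# Hypothetical tool registry: name and schema are assumptions, not the project's.
TOOLS = {"scan_secrets": {
    "description": "Run a secret scanner over a directory inside the workspace",
    "inputSchema": {"type": "object", "required": ["path"],
                    "properties": {"path": {"type": "string"}}},
}}

def confine(workspace: Path, requested: object) -> Path:
    """Resolve the model-supplied path and refuse anything outside the workspace."""
    if not isinstance(requested, str):
        raise ValueError("argument 'path' must be a string")
    root = workspace.resolve()
    target = (root / requested).resolve()  # collapses '..' and follows symlinks
    if not target.is_relative_to(root):
        raise ValueError(f"path escapes workspace: {requested}")
    return target

def handle(msg: dict, workspace: Path) -> dict:
    """Answer one JSON-RPC 2.0 request the way an MCP server does."""
    reply = {"jsonrpc": "2.0", "id": msg.get("id")}
    method, params = msg.get("method"), msg.get("params") or {}
    if method == "tools/list":  # tool discovery
        reply["result"] = {"tools": [{"name": n, **t} for n, t in TOOLS.items()]}
    elif method == "tools/call":  # tool invocation
        name, args = params.get("name"), params.get("arguments") or {}
        if name not in TOOLS:  # protocol-level error: no such tool
            reply["error"] = {"code": -32602, "message": f"unknown tool: {name}"}
            return reply
        try:
            target = confine(workspace, args.get("path"))
            count = sum(1 for p in target.rglob("*") if p.is_file())
            text, failed = f"{count} file(s) under {target} queued for scanning", False
        except ValueError as exc:  # tool-level failure goes in the result
            text, failed = str(exc), True
        reply["result"] = {"content": [{"type": "text", "text": text}], "isError": failed}
    else:
        reply["error"] = {"code": -32601, "message": "method not found"}
    return reply

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as ws:  # constructed sample workspace
        for path in (".", "../outside"):
            call = {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                    "params": {"name": "scan_secrets", "arguments": {"path": path}}}
            print(json.dumps(handle(call, Path(ws))))
```

An unknown tool is reported as a JSON-RPC error, while a rejected path comes back as a normal result with `isError` set, so the model sees why the call was refused.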


Features

  • MCP Server performing security scans:

    • Secret detection:

      • nosey parker

      • kingfisher (wip)

      • gitleaks

    • SCA:

      • trivy (also covers IaC)

      • osv-scanner

      • sca fixes

    • SAST:

      • opengrep

    • DAST:

      • nuclei

      • zaproxy

  • Remediation suggestions based on findings and leveraging genAI

  • Guinea-pig project for testing


Examples

Patch proposal

MCP Example

Full test report and recommendations

MCP Example analysis


Security in MCP Server

MCP implementations focus on security to provide safe interactions between tools, clients, and servers. However, not all IDEs or MCP servers provide the same level of security.

To learn more about security considerations for MCP, refer to:
🔗 Security Tips for VSCode Extensions and Copilot


Installation

Prerequisites

You’ll need the following tools and packages:

Steps

  1. Set up the environment:

    mkdir .venv
    uv sync
  2. Run the server:

    uv run mcp_server.py
    # or
    source .venv/bin/activate
    python mcp_server.py

    Once the server is running, it will be available on:

    http://127.0.0.1:8000/mcp
  3. Configure your MCP client:
    Update the client settings to connect to the running MCP server.


Debugging the MCP Server with a Web Inspector

If you wish to debug or inspect your MCP server, you can use the MCP Inspector:

npx @modelcontextprotocol/inspector

This launches a GUI-based tool for debugging and inspecting the behavior of your MCP server.

Guinea-pig

This is a dedicated project to test the MCP server.

IDE Compatibility and Recommendations

Visual Studio Code

GitHub Copilot:

  1. Authenticate with GitHub Copilot.

  2. Open the guinea-pig project in VSCode.

  3. Enable the extension:
    Navigate to Extensions → MCP Servers → Installed → Start Server.

Usability Note: Results are functional, but the user experience might need more refinement.

Local Ollama Integration:

To use Ollama with VSCode, install the Continue.dev plugin. Configuration is straightforward, but the experience might not be as seamless as with Copilot.


Cursor IDE

Cursor works well at building plans, applying changes, and delivering detailed feedback.
👍 Best IDE experience so far in terms of usability and results!


PyCharm

Currently, MCP servers using HTTP are not compatible with PyCharm.

License

MIT License
