Utilizes Aqua Security's Trivy tool for Software Composition Analysis (SCA) and CIS Benchmark compliance scanning.
Provides secret scanning for Git repositories using Gitleaks to identify exposed credentials and sensitive data.
Generates Data Flow Diagrams (DFD) in Mermaid syntax as part of the AI-driven STRIDE threat modeling analysis.
Integrates with OpenAI's LLMs to perform automated threat modeling and security analysis based on code context.
Performs security audits against OWASP Top 10 standards using integrated SAST and DAST scanning tools.
Executes vulnerability scanning, SCA, and compliance checks via built-in Trivy integration.
Runs dynamic application security testing (DAST) for web applications using the integrated OWASP ZAP tool.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Sentinel MCP Server scan this project for vulnerabilities and hardcoded secrets".
That's it! The server will respond to your query, and you can continue using it as needed.
Sentinel MCP Server
Sentinel is a robust, enterprise-grade Security MCP (Model Context Protocol) Server designed for reliability, compliance, and easy integration with IDEs like VS Code and Antigravity.
🛡️ Features
Robust Execution: Automatic retries for Docker commands, graceful timeout handling, and custom error reporting.
Compliance Ready: Built-in support for CIS Benchmark scanning via Trivy.
Structured Logging: All logs are output in JSON format for easy parsing and monitoring.
Dockerized Tools: Runs all security tools in isolated Docker containers; no local tool installation is required.
🧰 Included Tools
| Tool | Function | Docker Image |
|------|----------|--------------|
| Semgrep | SAST (Static Analysis) | |
| Trivy | SCA & Compliance | |
| Grype | SCA (Vulnerability Scanning) | |
| Gitleaks | Secret Scanning | |
| OWASP ZAP | DAST (Web Scanning) | |
| ClamAV | Malware Scanning | |
| Schemathesis | API Fuzzing | |
| EOL Scanner | Runtime/Framework EOL Checks | Built-in (endoflife.date API) |
| Crypto Scanner | SSL/TLS Compliance | |
| AI Threat Modeler | STRIDE Analysis | Built-in (LLM Powered + Code Context + Mermaid DFD) |
🚀 Getting Started
Prerequisites
Docker: Must be installed and running.
Python: Version 3.13 or higher.
Installation
Clone the repository (if applicable) or navigate to the project directory:

```bash
cd sentinel-mcp-server
```

Create a virtual environment:

```bash
python3 -m venv .venv
source .venv/bin/activate
```

Install dependencies:

```bash
pip install .
```
Running the Server
To start the MCP server manually (for testing):
Manual Scanning (CLI)
You can also scan any project directory directly from the terminal using the included utility script:
💻 IDE Configuration
VS Code
To use Sentinel with the MCP Servers extension in VS Code, add the following to your MCP settings file (typically ~/Library/Application Support/Code/User/globalStorage/mcp-servers.json):
Replace
⚙️ Configuration
You can configure Sentinel using environment variables:
| Variable | Description | Default |
|----------|-------------|---------|
| | Logging level (DEBUG, INFO, WARN, ERROR) | |
| | Timeout for Docker commands in seconds | |
| | Custom Docker image for Semgrep | |
| | Custom Docker image for Trivy | |
| | Custom Docker image for Grype | |
| | Custom Docker image for testssl.sh | |
| | Custom Docker image for Schemathesis | |
| | API Key for AI Threat Modeling (e.g., OpenAI) | |
| | LLM Model to use | |
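Added illustration (not Sentinel's own code) of the pattern the Features section and the timeout setting above describe: a wrapper that runs a dockerized tool's command with a hard timeout, retries it automatically, and reports every outcome as one JSON log line plus a structured result. The default values and the `python_cmd` stand-in (the local interpreter instead of `docker run`, so it runs without Docker) are assumptions, since this page does not show the variable names or defaults.

```python
import json
import logging
import subprocess
import sys
import time

# Placeholders: the page lists a "timeout for Docker commands" setting but not
# its variable name or default, so these values are assumed, not the project's.
DEFAULT_TIMEOUT_S = 30
DEFAULT_RETRIES = 2

class JsonFormatter(logging.Formatter):
    """Write one JSON object per log line, as the README's structured logging does."""
    def format(self, record):
        payload = {"ts": self.formatTime(record), "level": record.levelname,
                   "msg": record.getMessage()}
        payload.update(getattr(record, "extra_fields", {}))
        return json.dumps(payload)

log = logging.getLogger("sentinel-example")
_handler = logging.StreamHandler(sys.stderr)
_handler.setFormatter(JsonFormatter())
log.addHandler(_handler)
log.setLevel(logging.INFO)

def python_cmd(code):
    """Local stand-in for a `docker run ...` argv so the demo needs no Docker (assumed)."""
    return [sys.executable, "-c", code]

def run_with_retry(cmd, timeout=DEFAULT_TIMEOUT_S, retries=DEFAULT_RETRIES, delay=0.0):
    """Run `cmd` with a hard timeout; retry on non-zero exit or timeout. Never raises:
    returns a dict (structured error report); `attempts` is the number of runs made."""
    for attempt in range(1, retries + 2):  # retries=2 -> at most 3 runs
        try:
            proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
        except subprocess.TimeoutExpired:  # subprocess.run kills the child for us
            log.warning("command timed out", extra={"extra_fields": {"attempt": attempt}})
            status = {"ok": False, "error": "timeout", "attempts": attempt}
        else:
            status = {"ok": proc.returncode == 0, "returncode": proc.returncode,
                      "stdout": proc.stdout, "stderr": proc.stderr, "attempts": attempt}
            if status["ok"]:
                log.info("command succeeded", extra={"extra_fields": {"attempt": attempt}})
                return status
            log.warning("command failed", extra={"extra_fields": {"attempt": attempt, "returncode": proc.returncode}})
        if attempt <= retries:
            time.sleep(delay)  # back-off between attempts (0 in the tests)
    return status
```

A caller can tell a timeout from a tool failure by the presence of `error` versus `returncode`, and `attempts` shows whether the retry budget was exhausted.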