code-security-mcp
The code-security-mcp server enables AI coding agents to perform security analysis on source code using language-native analyzers. It provides three core capabilities:
security_scan(path)— Scans a file or directory for security vulnerabilities across Kotlin, Java, Python, C#, JavaScript, and TypeScript (using tools like detekt, SpotBugs/FindSecBugs, Bandit, Roslyn, and ESLint). Returns findings with rule ID, message, location, severity, and CWE identifiers.review_diff(diff)— Analyzes a unified diff (e.g., fromgit diff) and returns only the security issues introduced by the proposed changes, acting as a pre-commit self-check so agents know exactly what new vulnerabilities their edits created.secure_pattern(task, framework?)— Provides vetted secure code snippets and explanations for risky tasks before writing them. Supports optional framework filtering (e.g.,spring-webflux,ktor,vertx) to deliver targeted guidance with before/after examples, helping ensure safe code is written the first time.
Provides security analysis for Ktor Kotlin applications, allowing AI agents to scan code for vulnerabilities and obtain secure coding patterns.
Provides security analysis for Quarkus Kotlin applications, allowing AI agents to scan code for vulnerabilities and obtain secure coding patterns.
Provides security analysis for Spring (including WebFlux) Kotlin applications, allowing AI agents to scan code for vulnerabilities and obtain secure coding patterns.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@code-security-mcpWhat's the secure way to create a session cookie in Spring?"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
code-security-mcp
A security MCP server for AI coding agents. It gives Claude Code, Cursor, and other agents real security findings while they write, not after — and each language is analyzed by its best native security tool, not one generic scanner stretched across everything.
A specialist, not a generalist. Kotlin is analyzed by detekt with a 216-rule, framework-aware ruleset (Spring, WebFlux, Ktor, Quarkus, Micronaut, Vert.x); Java by SpotBugs + FindSecBugs; Python by Bandit; C# by the Roslyn security analyzers; JS/TS by ESLint + eslint-plugin-security — each the established native security analyzer for its language, routed automatically.
New languages arrive as their own native analyzer — never a single lowest-common-denominator scanner.
Quickstart
git clone https://github.com/JasminGuberinic/code-security-mcp
cd code-security-mcp
python3 -m venv .venv && .venv/bin/pip install -e ".[python]"
# Download the analyzers into an isolated cache (nothing global is touched):
./scripts/setup.sh # Kotlin + Java
./scripts/setup.sh --with-dotnet --with-eslint # + C# and JS/TS (optional)The script prints the claude mcp add … command to paste. Python works out of
the box — the [python] extra installs Bandit.
Related MCP server: Spring Toolkit MCP
Why
Generic assistants and multi-language scanners are shallow on framework idioms —
they don't know that a @GetMapping is missing @PreAuthorize, that a WebClient
trusts all certificates, or that a Vert.x cookie isn't HttpOnly. This server
wraps a 216-rule, framework-aware analyzer (the
kotlin-security-scanner
detekt ruleset) and exposes it to agents through three tools.
Design principle: each language is handled by its best native security analyzer — routed automatically — never a single lowest-common-denominator generic scanner.
Languages
Language | Analyzer | Analyzes |
Kotlin | detekt + the 216-rule framework-aware ruleset | source ( |
Java | SpotBugs + FindSecBugs | compiled bytecode — point at the project root (it finds |
Python | Bandit | source ( |
C# | Roslyn security analyzers | builds the project — point at a |
JavaScript / TypeScript | ESLint + eslint-plugin-security | source ( |
Tools
Tool | What it does |
| Scan a file/directory (Kotlin, Java, Python, C#, or JS/TS) and return every security finding (rule, line, severity, CWE). |
| Review a unified diff and flag only the issues the change introduces — a pre-commit self-check. |
| Get the vetted secure way to do a risky task — before writing it. |
For Kotlin, security_scan returns security findings only — detekt's
built-in style/complexity rules are switched off, so the agent gets signal, not
noise.
Example
"What's the secure way to create a session cookie in Vert.x?"
// secure_pattern(task = "create a session cookie", framework = "vertx") → CWE-614
val cookie = Cookie.cookie("session", token)
.setSecure(true) // only sent over HTTPS
.setHttpOnly(true) // hidden from JavaScript
.setSameSite(CookieSameSite.STRICT)
response.addCookie(cookie)Architecture
Clean, hexagonal (ports & adapters). Dependencies point inward; the domain knows nothing about detekt or MCP.
server.py MCP surface + composition root (knows MCP)
│
application/ use cases: scan / review_diff / secure_pattern
│
domain/ Finding, ScanResult, ports (pure vocabulary)
↑ implemented by
adapters/ DetektAnalyzer, JavaAnalyzer, RoutingAnalyzer,
SARIF & diff parsers, pattern catalogA RoutingAnalyzer sends each target to the analyzers that support it, so the
use cases treat "one language" and "many" identically. Adding a language = one
new adapter implementing the same LanguageAnalyzer port — the domain and use
cases do not change.
Requirements
Python 3.11+
Kotlin: a JDK + the detekt CLI jar + the ruleset jar(s)
Java: a JDK + the SpotBugs jar + the FindSecBugs plugin jar
Python: Bandit (
pip install "code-security-mcp[python]") — no JDK, no jarsC#: the .NET SDK (its Roslyn security analyzers are built in)
JS/TS: Node.js + ESLint with
eslint-plugin-security(andtypescript-eslint)
Each analyzer is optional and enabled independently — configure only the languages you need. (Python auto-enables whenever Bandit is installed.)
Configuration
./scripts/setup.sh fills these in for you and prints the ready-to-paste
command; the reference below is for when you want to point at your own tools.
The server locates its tools through environment variables:
Variable | Meaning |
| Path to the |
| Kotlin: detekt CLI ( |
| Kotlin: comma-separated ruleset jar(s) |
| Kotlin: (optional) path to a |
| Java: SpotBugs engine jar |
| Java: comma-separated plugin jar(s) (FindSecBugs) |
| Java: (optional) comma-separated dependency jars/dirs for more accurate analysis |
| C#: root of the .NET SDK install |
| C#: (optional) NuGet cache dir (keeps restores isolated) |
| C#: (optional) dotnet CLI home dir (keeps state isolated) |
| JS/TS: path to the ESLint executable |
| JS/TS: path to the security flat config (see |
Python needs no variables — install Bandit and it is used automatically.
Use with Claude Code
claude mcp add code-security -s user \
-e KSM_JAVA=/path/to/java \
-e KSM_DETEKT_CLI_JAR=/path/to/detekt-cli-<ver>-all.jar \
-e KSM_PLUGIN_JARS=/path/to/scanner-core.jar,/path/to/scanner-spring-boot.jar,... \
-- /path/to/.venv/bin/code-security-mcpThen ask the agent, e.g. "run security_scan on src/Main.kt" or "review_diff on my staged changes".
Development
python3 -m venv .venv
.venv/bin/pip install -e ".[dev]"
.venv/bin/pytestThe test suite is hermetic — it uses fake analyzers and hand-built SARIF / diff / Bandit-JSON fixtures, so it needs no external analyzer (JDK, detekt, SpotBugs, or Bandit) to run.
Roadmap
Each new language arrives as its own native, framework-aware analyzer adapter (never a generic multi-language scanner):
✅ Kotlin — detekt + the 216-rule framework-aware ruleset.
✅ Java — SpotBugs + FindSecBugs.
✅ Python — Bandit.
✅ C# — Roslyn security analyzers.
✅ JavaScript / TypeScript — ESLint + eslint-plugin-security.
Deeper C# via Security Code Scan (taint analysis).
Zero-setup: auto-resolve the analyzer runtimes and rulesets.
License
MIT — see LICENSE.
Keywords: MCP server, Model Context Protocol, Kotlin security, JVM security, SAST, static analysis, detekt, Spring Security, AI coding agent, Claude Code, Cursor, secure coding.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/JasminGuberinic/code-security-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server