Skip to main content
Glama
JasminGuberinic

code-security-mcp

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault
KSM_JAVAYesPath to the java executable
KSM_PLUGIN_JARSYesComma-separated ruleset jar(s) (scanner-all)
KSM_DETEKT_CONFIGNoOptional path to a detekt.yml
KSM_DETEKT_CLI_JARYesPath to the detekt CLI jar

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": false
}
prompts
{
  "listChanged": false
}
resources
{
  "subscribe": false,
  "listChanged": false
}
experimental
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
security_scanA

Scan Kotlin/JVM code for security issues using a 216-rule analyzer.

Point this at a file or directory. It returns every security finding the analyzer reports — rule id, message, location, and severity — so the agent can fix issues while writing, not after.

Args: path: File or directory to scan (absolute, or relative to the project).

review_diffA

Security-review a unified diff: flag issues the change introduces.

Paste a unified diff (e.g. the output of git diff) after editing Kotlin code. Only findings on lines the diff adds are returned, so the agent sees exactly what its change is responsible for — a self-check before committing.

Args: diff: A unified diff whose file paths are relative to the current project directory.

secure_patternA

Get the secure way to do a risky Kotlin/JVM task, before writing it.

Ask "how do I do X securely" and get vetted before/after snippets and the reason — so the agent writes the safe version the first time.

Args: task: What you want to do, e.g. "create a session cookie", "store a JWT secret", "configure CORS", "read the current user in reactive code". framework: Optional stack to narrow results, e.g. "spring-webflux", "ktor", "vertx". Leave empty to search all frameworks.

Prompts

Interactive templates invoked by user choice

NameDescription

No prompts

Resources

Contextual data attached and managed by the client

NameDescription

No resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/JasminGuberinic/code-security-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server