Skip to main content
Glama

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault

No arguments

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": true
}

Tools

Functions exposed to the LLM to take actions

NameDescription
codeinspectus_scanA

Run a full local security scan of a path: bundled engines (Opengrep SAST, Gitleaks secrets, Trivy SCA/IaC/license) plus CodeInspectus's AI-code-specific checks (client-side secret exposure, Supabase RLS/inverted-auth, prompt-injection sinks). Returns CWE-keyed findings with fix recommendations and compliance tags. Fully offline — zero network egress at scan time. Never writes to your code or repo.

codeinspectus_rescanA

Re-run a scan after fixes were applied and diff against a prior scan_id (or the most recent scan of the same path). Reports which findings are resolved, which remain, and which were newly introduced. Use this to verify fixes. Never writes to your code or repo.

codeinspectus_compliance_reportA

Produce a per-framework code-level control-coverage view for a prior scan (NIST CSF 2.0, ISO 27001:2022, SOC 2, CIS v8.1, Essential Eight, OWASP Web/LLM). Reports 'X of N code-visible controls have findings' with the code-visible subset as the explicit denominator. This is NOT a compliance audit, certification, or attestation — code-level evidence only.

codeinspectus_explain_findingA

Return a deep explanation and full remediation plan for a single finding id from a prior scan: what the weakness is, why it matters, concrete fix steps, and references.

codeinspectus_generate_sbomA

Generate a CycloneDX or SPDX SBOM for the target project using Trivy. Writes the SBOM file to the chosen output path and returns its location and component count. Offline.

codeinspectus_list_rulesA

List the active detectors and engine versions, the CodeInspectus detection-database version and date, the Trivy vulnerability-DB freshness date, and the custom CodeInspectus AI-code rules currently shipped.

Prompts

Interactive templates invoked by user choice

NameDescription

No prompts

Resources

Contextual data attached and managed by the client

NameDescription

No resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Synvoya/codeinspectus'

If you have feedback or need assistance with the MCP directory API, please join our Discord server