CodeInspectus
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| codeinspectus_scanA | Run a full local security scan of a path: bundled engines (Opengrep SAST, Gitleaks secrets, Trivy SCA/IaC/license) plus CodeInspectus's AI-code-specific checks (client-side secret exposure, Supabase RLS/inverted-auth, prompt-injection sinks). Returns CWE-keyed findings with fix recommendations and compliance tags. Fully offline — zero network egress at scan time. Never writes to your code or repo. |
| codeinspectus_rescanA | Re-run a scan after fixes were applied and diff against a prior scan_id (or the most recent scan of the same path). Reports which findings are resolved, which remain, and which were newly introduced. Use this to verify fixes. Never writes to your code or repo. |
| codeinspectus_compliance_reportA | Produce a per-framework code-level control-coverage view for a prior scan (NIST CSF 2.0, ISO 27001:2022, SOC 2, CIS v8.1, Essential Eight, OWASP Web/LLM). Reports 'X of N code-visible controls have findings' with the code-visible subset as the explicit denominator. This is NOT a compliance audit, certification, or attestation — code-level evidence only. |
| codeinspectus_explain_findingA | Return a deep explanation and full remediation plan for a single finding id from a prior scan: what the weakness is, why it matters, concrete fix steps, and references. |
| codeinspectus_generate_sbomA | Generate a CycloneDX or SPDX SBOM for the target project using Trivy. Writes the SBOM file to the chosen output path and returns its location and component count. Offline. |
| codeinspectus_list_rulesA | List the active detectors and engine versions, the CodeInspectus detection-database version and date, the Trivy vulnerability-DB freshness date, and the custom CodeInspectus AI-code rules currently shipped. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Synvoya/codeinspectus'
If you have feedback or need assistance with the MCP directory API, please join our Discord server