scanline
Applies Angular-specific security rulesets for vulnerability scanning.
Adds Django-specific semgrep rules to detect common security issues in Django applications.
Parses SARIF output from ESLint to extract, triage, and diff findings.
Incorporates Express.js security rulesets for scanning Express applications.
Selects FastAPI-specific security rulesets for scanning FastAPI projects.
Applies Flask-specific semgrep rules to identify vulnerabilities in Flask applications.
Uses Laravel-specific rulesets for security scanning of Laravel applications.
Adds Next.js-specific security rulesets for scanning Next.js projects.
Applies React-specific security rulesets to detect vulnerabilities in React applications.
Selects Spring-specific security rulesets for scanning Spring applications.
Uses Symfony-specific rulesets for security scanning of Symfony applications.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@scanlinescan my project for security issues"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
scanline
Security scanning MCP server. Semgrep integration, SARIF parsing, baseline diffing, framework-aware ruleset selection, and automated finding triage.
Problem
Security scanners produce noisy output. scanline wraps semgrep with automatic language and framework detection for smart ruleset selection, parses SARIF from any scanner, diffs against baselines to surface only new findings, and triages results to separate true positives from noise — all as MCP tools with zero configuration.
Related MCP server: secureaudit-mcp
Quick Start
As MCP Server
Works with any MCP-compatible client — Claude Code, Claude Desktop, Cursor, Windsurf, VS Code (Copilot), Continue.dev, Zed, Cline, and more.
{
"mcpServers": {
"scanline": {
"command": "npx",
"args": ["-y", "@mrzadexinho/scanline"]
}
}
}As Library
import {
parseSarif, triageFindings, summarizeTriage,
diffFindings, formatDiffReport,
detectFrameworks, selectRulesetsWithFrameworks
} from '@mrzadexinho/scanline';
import { readFileSync } from 'fs';
// Parse SARIF from any scanner
const sarif = readFileSync('results.sarif', 'utf-8');
const findings = parseSarif(sarif);
// Triage findings with source context
const triaged = triageFindings(findings, {
sourceReader: (path) => readFileSync(path, 'utf-8'),
});
const summary = summarizeTriage(triaged);
console.log(`True positives: ${summary.truePositives}/${summary.total}`);
// Diff against baseline
const baseline = parseSarif(readFileSync('baseline.sarif', 'utf-8'));
const diff = diffFindings(baseline, findings);
console.log(formatDiffReport(diff));MCP Tools
Tool | Description |
| Run semgrep scan with auto language + framework detection and triage |
| Detect languages and frameworks in a directory, suggest rulesets |
| Parse SARIF output from any scanner into structured findings |
| Analyze a specific finding with source context |
| Compare baseline vs current SARIF to find new, fixed, and unchanged findings |
Triage Engine
scanline automatically classifies findings as true or false positives:
Rule | What it catches | Verdict |
Test file | Findings in | False positive |
Example file | Findings in | False positive |
Suppression comment | Lines with | False positive |
Generated code | Files in | False positive |
Dead code | Commented-out lines | False positive |
Input validation | Sanitized/validated input upstream (sanitize, escape, Zod, ORM, parameterized queries) | False positive |
Unreachable code | Code behind | False positive / Uncertain |
Default | No false positive indicators found | True positive |
Conservative by default: when uncertain, findings are classified as true positives.
SARIF Diff
Compare scan results against a baseline to focus on what changed:
New findings — introduced since baseline
Fixed findings — resolved since baseline
Unchanged findings — still present
Fingerprint-based matching for accurate comparison
Markdown report generation
Framework Detection
scanline automatically detects frameworks from project files and adds framework-specific semgrep rulesets:
Framework | Detected by | Ruleset |
Django |
|
|
Flask |
|
|
FastAPI |
|
|
React |
|
|
Next.js |
|
|
Angular |
|
|
Express |
|
|
Rails |
|
|
Spring |
|
|
Laravel |
|
|
Symfony |
|
|
SARIF Support
scanline parses SARIF 2.1.0 from any scanner:
Semgrep — native integration
CodeQL — parse SARIF output
ESLint — with SARIF formatter
Any tool — that outputs standard SARIF
Features: fingerprint-based deduplication, multi-run merging, URI normalization, confidence scoring.
Architecture
scanline/
src/
sarif/ # SARIF parsing layer
types # SarifLog, Finding, TriagedFinding
parser # Parse, deduplicate, merge SARIF
diff # Baseline comparison, diff reports
semgrep/ # Semgrep integration
types # ScanConfig, Language, Framework, rulesets
detector # Language + framework detection, ruleset selection
runner # Build commands, execute scans
triage/ # Finding triage engine
types # TriageContext, TriageRule
rules # 7 triage rules
engine # Apply rules, summarize results
mcp/ # MCP server layer
tools/ # 5 MCP tools
tests/ # 101 tests mirroring src/ structureSupported Languages
Auto-detection and ruleset selection for: TypeScript, JavaScript, Python, Go, Ruby, Java, PHP, C/C++, Rust, Kotlin, Swift, C#
Prerequisites
Node.js >= 20.0.0
Semgrep (for
scan_codetool):pip install semgrepSARIF parsing, diffing, and triage work without semgrep installed
Development
git clone https://github.com/mrzadexinho/scanline.git
cd scanline
npm install
npm run build
npm testLicense
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/mrzadexinho/scanline'
If you have feedback or need assistance with the MCP directory API, please join our Discord server