secscan-mcp
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| No arguments | | | |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {"listChanged": false} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| scan_secrets | Detect hardcoded secrets and credentials in a directory. Runs the built-in custom scanner (no extra tools). When include_git_history is true, also scans past git commits for secrets removed from the working tree but still in history — recommended before push/PR. Uses git_history (built-in) and gitleaks (when installed). |
| scan_code | Static analysis (SAST) for code vulnerabilities and unsafe patterns. Uses semgrep and bandit when installed; skips missing engines. |
| scan_dependencies | Scan lockfiles and manifests for known vulnerable dependencies (SCA). Uses osv-scanner when installed. |
| scan_iac | Scan Terraform, CloudFormation, Kubernetes, and other IaC for misconfigurations. Uses checkov when installed. |
| scan_all | Run every installed scanner (secrets, SAST, dependencies, IaC) and return one unified, deduplicated report. Does not enable git history unless you call scan_secrets separately with include_git_history. |
| list_available_scanners | List all supported scanners and whether each engine CLI is installed. Call this before scanning to know which tools will run. |
| explain_finding | Return remediation guidance for a finding rule_id (from any scan result). Covers built-in secret rules; other engines fall back to generic advice. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/openjkai/secscan_mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server.