How do I use AuditShield?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@AuditShield Filter false positives from this Semgrep report" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

AuditShield

by hujiaozhuzhu

Overview Schema Related Servers Score Discussions

Python

Local

Code Audit False Positive Filter MCP Server

代码审计误报过滤MCP服务器，通过三层过滤架构显著降低静态分析工具的误报率。

特性

三层过滤架构

L1: 规则过滤 - 基于白名单/黑名单的快速过滤
- 规则ID过滤
- 文件路径模式匹配
- 代码模式匹配
- 严重程度过滤
L2: 上下文分析 - 死代码检测、安全守卫识别
- 死代码路径检测
- 安全守卫措施识别
- 输入验证逻辑分析
- 数据流分析
L3: ML置信度评分 - 机器学习模型评估
- 特征提取
- 模型训练与推理
- 置信度评分

支持的扫描工具

Semgrep (主力，支持Go/Python/多语言)
Bandit (Python专用)
Gosec (Go专用)

Related MCP server: DevSecOps MCP Server

安装

1. 克隆仓库

git clone https://github.com/your-repo/code-audit-fp-filter.git
cd code-audit-fp-filter

2. 安装依赖

pip install -r requirements.txt

3. 配置

复制示例配置文件：

cp config.json.example config.json

编辑 config.json 根据需要调整配置。

使用

作为MCP服务器运行

stdio模式（推荐）

python main.py --transport stdio

SSE模式

python main.py --transport sse --port 8000

在MCP客户端中配置

在MCP配置文件中添加：

{
  "mcpServers": {
    "code-audit-fp": {
      "command": "python",
      "args": ["/path/to/code-audit-fp-filter/main.py", "--transport", "stdio"],
      "env": {
        "CONFIG_PATH": "/path/to/config.json"
      }
    }
  }
}

调用示例

过滤误报

# 通过MCP客户端调用
result = await mcp_client.call_tool(
    "filter_false_positives",
    scan_results=[
        {
            "tool": "semgrep",
            "rule_id": "python.lang.security.injection.sql-injection",
            "file": "app/database.py",
            "line": 42,
            "code": "cursor.execute(user_input)",
            "severity": "ERROR",
            "message": "SQL injection vulnerability"
        }
    ],
    source_code_dir="/path/to/project",
    filter_level="all",
    confidence_threshold=0.7
)

分析代码上下文

result = await mcp_client.call_tool(
    "analyze_code_context",
    file_path="app/database.py",
    line_number=42,
    context_lines=10,
    check_types=["dead_code", "security_guards", "input_validation"]
)

训练模型

result = await mcp_client.call_tool(
    "train_false_positive_model",
    training_data=[
        {
            "features": {
                "rule_confidence": 0.8,
                "severity_score": 1.0,
                "code_complexity": 0.6,
                "data_flow_length": 5,
                "has_security_guards": 0.0,
                "has_input_validation": 0.0,
                "is_test_code": 0.0,
                "file_depth": 3,
                "line_count": 1
            },
            "is_false_positive": False
        }
    ],
    model_type="random_forest",
    validation_split=0.2
)

配置说明

规则过滤配置

{
  "rule_filter": {
    "enabled": true,
    "global_whitelist": [
      {
        "file_pattern": "*/test/*",
        "reason": "测试代码",
        "confidence": 0.9
      }
    ],
    "global_blacklist": [
      {
        "file_pattern": "*/production/*",
        "reason": "生产环境代码",
        "confidence": 0.9
      }
    ]
  }
}

上下文过滤配置

{
  "context_filter": {
    "enabled": true,
    "security_guard_keywords": ["sanitize", "escape", "validate"],
    "input_validation_keywords": ["isinstance", "len", "range"],
    "false_positive_threshold": 0.5
  }
}

ML过滤配置

{
  "ml_filter": {
    "enabled": true,
    "model_path": "models/false_positive_model.pkl",
    "onnx_model_path": "models/false_positive_model.onnx",
    "confidence_threshold": 0.7
  }
}

开发

项目结构

code-audit-false-positive-filter/
├── code_audit_fp/
│   ├── __init__.py
│   ├── server.py          # MCP服务器实现
│   ├── models.py          # 数据模型
│   └── filters/
│       ├── __init__.py
│       ├── base.py        # 过滤器基类
│       ├── rule_filter.py # L1规则过滤器
│       ├── context_filter.py # L2上下文过滤器
│       └── ml_filter.py   # L3 ML过滤器
├── main.py                # 入口点
├── requirements.txt       # 依赖
├── config.json            # 配置文件
└── README.md              # 说明文档

添加新的过滤规则

在 config.json 中添加规则
实现规则逻辑在 filters/rule_filter.py
添加单元测试

训练自定义ML模型

from code_audit_fp.filters import MLFilter

ml_filter = MLFilter(config)
result = await ml_filter.train_model(
    training_data=your_training_data,
    model_type="random_forest",
    validation_split=0.2
)

性能指标

在4核4G环境下的性能基准：

L1规则过滤: ~1000条/秒
L2上下文分析: ~100条/秒
L3 ML推理: ~50条/秒
内存占用: <500MB (含ML模型)

许可证

MIT License

贡献

欢迎提交Issue和Pull Request！

This server cannot be installed

license - not found

quality - not tested

maintenance

How are these scores calculated?

Maintenance

–Maintainers

–Response time

–Release cycle

–Releases (12mo)

Commit activity

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/hujiaozhuzhu/AuditShield'

If you have feedback or need assistance with the MCP directory API, please join our Discord server