Enables code quality analysis and linting to identify potential issues and maintain standards within analyzed projects.
Supports direct analysis of GitHub repositories to assess code security, quality, and architecture.
Conducts dependency analysis using npm audit to identify and report known vulnerabilities in project packages.
Provides dependency vulnerability scanning to detect and manage security risks within project libraries.
Integrates deep code quality metrics and linting data into the server's comprehensive analysis reports.
Performs security vulnerability scanning as part of the orchestrated analysis workflow.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP Code Analyzerrun a full security and quality scan on this project"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP Code Analyzer
MCP orchestrator for code security, quality, and architecture analysis. This tool coordinates multiple MCP servers to provide comprehensive code analysis.
Features
Security Analysis: Vulnerability scanning via Semgrep, Trivy
Code Quality: Linting via ESLint, SonarQube
Dependency Analysis: Vulnerability scanning via Snyk, npm audit
Architecture Analysis: Complexity metrics, dead code detection
Knowledge Graph: Semantic code analysis, impact analysis
Scoring System: 0-100 scores with A-F grades
Historical Trends: Track improvements over time
Architecture
┌─────────────────────────────────────────────────────────────────────┐
│ Interfaces │
├─────────────┬─────────────────────┬─────────────────────────────────┤
│ CLI │ REST API │ MCP Server (for Claude) │
└─────────────┴─────────────────────┴─────────────────────────────────┘
│
┌─────────▼─────────┐
│ MCP ORCHESTRATOR │
│ - Client Manager │
│ - Job Scheduler │
│ - Retry Logic │
│ - Normalizer │
│ - Score Engine │
└─────────┬─────────┘
│
┌─────────────────────┼─────────────────────┐
│ │ │
┌────▼────┐ ┌─────▼─────┐ ┌────▼────┐
│ Semgrep │ │ ESLint │ │ Snyk │
│ Trivy │ │ SonarQube │ │npm audit│
└─────────┘ └───────────┘ └─────────┘Installation
npm install -g mcp-code-analyzerOr run directly with npx:
npx mcp-code-analyzer analyze ./my-projectUsage
CLI
# Analyze a local project
mcp-analyze analyze ./my-project
# Analyze a GitHub repository
mcp-analyze analyze https://github.com/user/repo
# Specify scanners
mcp-analyze analyze ./my-project --scanners security,quality
# Generate report
mcp-analyze report <analysis-id> --format md
# View history
mcp-analyze history ./my-project
# Compare analyses
mcp-analyze compare <id1> <id2>
# Start REST API
mcp-analyze serve --port 3000
# Start MCP server (for Claude)
mcp-analyze mcpMCP Integration (Claude Desktop)
Add to your Claude Desktop config:
{
"mcpServers": {
"code-analyzer": {
"command": "npx",
"args": ["-y", "mcp-code-analyzer", "mcp"]
}
}
}MCP Integration (Claude Code)
Claude Code supports MCP servers at two scopes:
Project-level (single project)
Create a .mcp.json file in your project root:
{
"mcpServers": {
"mcp-security": {
"command": "node",
"args": ["/path/to/mcp_security/dist/cli/index.js", "mcp"],
"cwd": "/path/to/mcp_security"
}
}
}This makes the MCP server available only when working in that specific project.
User-level (all projects)
Add to your ~/.claude.json file:
{
"mcpServers": {
"mcp-security": {
"command": "node",
"args": ["/path/to/mcp_security/dist/cli/index.js", "mcp"],
"cwd": "/path/to/mcp_security"
}
}
}This makes the MCP server available globally across all your projects.
After configuration
Restart VSCode (or start a new Claude Code conversation)
The MCP tools will be available as
mcp__mcp-security__<tool_name>
Claude Code Tool | Description |
| Run full analysis on a project |
| Get detailed report |
| Compare two analyses |
| View analysis history |
| Get filtered findings |
| Get semantic code graph |
| Analyze impact of changes |
MCP Tools
Tool | Description |
| Run full analysis on a project |
| Get detailed report |
| Compare two analyses |
| View analysis history |
| Get filtered findings |
| Get semantic code graph |
| Analyze impact of changes |
Scoring
Each category is scored 0-100:
Category | Weight |
Security | 35% |
Quality | 25% |
Dependencies | 25% |
Architecture | 15% |
Grades: A (90-100), B (80-89), C (70-79), D (60-69), F (<60)
Configuration
Create .mcp-analyzer.json in your project root:
{
"servers": {
"semgrep": { "enabled": true },
"eslint": { "enabled": true },
"snyk": { "enabled": false }
},
"scoring": {
"weights": {
"security": 0.4,
"quality": 0.3,
"dependencies": 0.2,
"architecture": 0.1
}
}
}Development
# Install dependencies
npm install
# Build
npm run build
# Run in development
npm run dev
# Run tests
npm test
# Type check
npm run typecheckLicense
MIT
This server cannot be installed
Resources
Looking for Admin?
Admins can modify the Dockerfile, update the server description, and track usage metrics. If you are the server author, to access the admin panel.