Which integrations are available for this server?

Utilizes Aqua Security's Trivy tool for Software Composition Analysis (SCA) and CIS Benchmark compliance scanning. Provides secret scanning for Git repositories using Gitleaks to identify exposed credentials and sensitive data. Generates Data Flow Diagrams (DFD) in Mermaid syntax as part of the AI-driven STRIDE threat modeling analysis. Integrates with OpenAI's LLMs to perform automated threat modeling and security analysis based on code context. Performs security audits against OWASP Top 10 standards using integrated SAST and DAST scanning tools. Executes vulnerability scanning, SCA, and compliance checks via built-in Trivy integration. Runs dynamic application security testing (DAST) for web applications using the integrated OWASP ZAP tool.

How do I use Sentinel MCP Server?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Sentinel MCP Server scan this project for vulnerabilities and hardcoded secrets" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

Sentinel MCP Server

Sentinel is a robust, enterprise-grade Security MCP (Model Context Protocol) Server designed for reliability, compliance, and easy integration with IDEs like VS Code and Antigravity.

🛡️ Features

Robust Execution: Automatic retries for Docker commands, graceful timeout handling, and custom error reporting.
Compliance Ready: Built-in support for CIS Benchmark scanning via Trivy.
Structured Logging: All logs are output in JSON format for easy parsing and monitoring.
Dockerized Tools: Runs all security tools in isolated Docker containers—no local tool installation required.

🧰 Included Tools

Tool	Function	Docker Image
Semgrep	SAST (Static Analysis)	`returntocorp/semgrep` (Rules: OWASP Top 10, CWE Top 25, Security Audit)
Trivy	SCA & Compliance	`aquasec/trivy`
Grype	SCA (Vulnerability Scanning)	`anchore/grype`
Gitleaks	Secret Scanning	`zricethezav/gitleaks`
OWASP ZAP	DAST (Web Scanning)	`owasp/zap2docker-stable`
ClamAV	Malware Scanning	`clamav/clamav`
Schemathesis	API Fuzzing	`schemathesis/schemathesis:stable`
EOL Scanner	Runtime/Framework EOL Checks	Built-in (endoflife.date API)
Crypto Scanner	SSL/TLS Compliance	`drwetter/testssl.sh`
AI Threat Modeler	STRIDE Analysis	Built-in (LLM Powered + Code Context + Mermaid DFD)

🚀 Getting Started

Prerequisites

Docker: Must be installed and running.
Python: Version 3.13 or higher.

Installation

Clone the repository (if applicable) or navigate to the project directory:
```
cd sentinel-mcp-server
```

Create a virtual environment:

python3 -m venv .venv
source .venv/bin/activate

Install dependencies:
```
pip install .
```

Running the Server

To start the MCP server manually (for testing):

mcp run python src/sentinel/server.py

Manual Scanning (CLI)

You can also scan any project directory directly from the terminal using the included utility script:

# Scan a specific project directory
python3 scan_project.py /path/to/your/project

# Run only specific scans (e.g., secrets)
python3 scan_project.py /path/to/your/project --type secrets

💻 IDE Configuration

VS Code

To use Sentinel with the MCP Servers extension in VS Code, add the following to your MCP settings file (typically ~/Library/Application Support/Code/User/globalStorage/mcp-servers.json):

{
  "mcpServers": {
    "sentinel": {
      "command": "/Users/pranjalsharma/Documents/SourceCode/appsec/sentinel-mcp-server/.venv/bin/python3",
      "args": [
        "/Users/pranjalsharma/Documents/SourceCode/appsec/sentinel-mcp-server/src/sentinel/server.py"
      ],
      "env": {
        "SENTINEL_LOG_LEVEL": "INFO"
      }
    }
  }
}

Replace

⚙️ Configuration

You can configure Sentinel using environment variables:

Variable	Description	Default
`SENTINEL_LOG_LEVEL`	Logging level (DEBUG, INFO, WARN, ERROR)	`INFO`
`SENTINEL_DOCKER_TIMEOUT`	Timeout for Docker commands in seconds	`600`
`SENTINEL_SEMGREP_IMAGE`	Custom Docker image for Semgrep	`returntocorp/semgrep`
`SENTINEL_TRIVY_IMAGE`	Custom Docker image for Trivy	`aquasec/trivy`
`SENTINEL_GRYPE_IMAGE`	Custom Docker image for Grype	`anchore/grype`
`SENTINEL_TESTSSL_IMAGE`	Custom Docker image for testssl.sh	`drwetter/testssl.sh`
`SENTINEL_SCHEMATHESIS_IMAGE`	Custom Docker image for Schemathesis	`schemathesis/schemathesis:stable`
`SENTINEL_LLM_API_KEY`	API Key for AI Threat Modeling (e.g., OpenAI)	`None` (Falls back to heuristic)
`SENTINEL_LLM_MODEL`	LLM Model to use	`gpt-4o`

🏗️ Project Structure

src/sentinel/
├── core/           # Core logic (logging, exceptions, config)
├── services/       # Business logic (scanners, compliance)
├── tools/          # Tool execution (Docker runner)
└── server.py       # Main MCP entry point