Mycop

Provides AI-powered scanning, explanations, and auto-fix for multi-language codebases via an MCP server.
  • rust

2

GitHub Stars

rust

Language

4 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "abdumajidrashidov-mycop": {
      "command": "mycop",
      "args": [
        "mcp"
      ]
    }
  }
}

You can run mycop as an MCP server to enable agentic code tools to scan, explain, and fix security findings directly within your AI-assisted workflow. This MCP server exposes a compact, standard interface that agent clients can call to perform scans, fixes, reviews, and dependency checks, making your AI coding assistants more secure and productive.

How to use

You connect an MCP-capable client to the mycop MCP server to access scanning, fixing, and review capabilities from your AI tools. Start the server command from your environment, then configure your client to point at the provided MCP endpoint. The server exposes core actions you can invoke from your agent: scan, fix, review, and check_deps. Use these to integrate automated security checks into your AI-driven development flow, enabling immediate vulnerability discovery, AI-assisted remediation, and deeper security assessments of your code.

How to install

Prerequisites: Rust tooling installed to build or run the package locally, and an environment where you can execute commands from your shell.

Install a local MCP-capable instance of mycop by running the following steps in your terminal.

# Install via cargo if you already have Rust tooling set up locally
cargo install mycop

# Or, build from source if you prefer to compile directly
# (clone, then install from the local path)
git clone https://github.com/AbdumajidRashidov/mycop.git
cd mycop
cargo install --path .

# Start the MCP server locally for agent integration
# The server runs as a standard input/output (stdio) process
mycop mcp

Configuration and usage with MCP clients

The MCP server is designed to work with agentic tools like Claude Code, Cursor, Windsurf, and other MCP-enabled clients. Use the provided integration snippets to configure each client to spawn or connect to the MCP server as shown in the examples.

Configure in Claude Code

{ "mcpServers": { "mycop": { "command": "mycop", "args": ["mcp"] } } }


Configure in Cursor

{ "mcpServers": { "mycop": { "command": "mycop", "args": ["mcp"], "type": "stdio" } } }


Configure in Windsurf

{ "mcpServers": { "mycop": { "command": "mycop", "args": ["mcp"] } } }


Works with any MCP-compatible client including Codex CLI, Gemini CLI, and other agentic IDEs.

Inline ignore

Suppress specific findings with inline comments in supported languages.

Python

eval(user_input) # mycop-ignore

mycop-ignore:PY-SEC-005

eval(user_input)

eval(user_input) # mycop-ignore:PY-SEC-005,PY-SEC-001


JavaScript/TypeScript/Go/Java

eval(user_input) // mycop-ignore

## AI providers and overrides

mycop can use several AI providers in a defined order, with the option to override per command.

AI provider order (default): Claude CLI, Anthropenic API, OpenAI API, Ollama, Rule-based fallback

Override with --ai-provider as needed:

mycop scan . --explain --ai-provider anthropic
mycop fix . --ai-provider ollama

Configuration

Create a project configuration to control which findings to report and how fixes are applied. A sample configuration supports ignore patterns, minimum severity, and per-command AI provider overrides.

ignore:
  - "**/*_test.py"
  - "**/test_*.py"
  - "**/*.test.js"
  - "**/*.spec.ts"
  - "**/node_modules/**"
  - "**/venv/**"

min_severity: medium

fail_on: high

# ai_provider: anthropic

Security rules and output formats

mycop ships with 200 built-in rules spanning Python, JavaScript, Go, and Java, covering OWASP Top 10 and CWE Top 25, with SARIF and JSON outputs available for integration.

Output formats:
- Terminal
- JSON
- SARIF

Integrations and automation

If you want to run automated scans in CI or connect to your favorite IDE, you can use MCP-based integrations and CI actions.

GitHub Action example (scan only):

  • name: mycop Security Scan uses: AbdumajidRashidov/mycop/action@main with: paths: '.' fail-on: 'high' format: 'sarif'
## Docker usage

Run mycop in a container to scan your current directory.

docker run --rm -v "$(pwd):/src" -w /src ghcr.io/abdumajidrashidov/mycop scan .

With specific options

docker run --rm -v "$(pwd):/src" -w /src ghcr.io/abdumajidrashidov/mycop scan . --format json --severity high

## Tools exposed by the MCP server

The MCP interface exposes several tools to interact with mycop capabilities from your agent. These include scanning, listing rules, explaining findings, performing deep reviews, and checking dependencies.

## Available tools

### scan

Scan files/directories for security vulnerabilities with optional severity filtering and formatting.

### list\_rules

List all 200 built-in security rules and filter by language or severity.

### explain\_finding

Provide AI-assisted explanations of a specific finding with CWE/OWASP context.

### review

Deep AI-powered security review of a single file to uncover logic flaws and architectural issues.

### check\_deps

Detect hallucinated packages in dependencies to ensure integrity.
Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
Mycop MCP Server - abdumajidrashidov/mycop | VeilStrat