- Home
- MCP servers
- Mycop
Mycop
- rust
2
GitHub Stars
rust
Language
4 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"abdumajidrashidov-mycop": {
"command": "mycop",
"args": [
"mcp"
]
}
}
}You can run mycop as an MCP server to enable agentic code tools to scan, explain, and fix security findings directly within your AI-assisted workflow. This MCP server exposes a compact, standard interface that agent clients can call to perform scans, fixes, reviews, and dependency checks, making your AI coding assistants more secure and productive.
How to use
You connect an MCP-capable client to the mycop MCP server to access scanning, fixing, and review capabilities from your AI tools. Start the server command from your environment, then configure your client to point at the provided MCP endpoint. The server exposes core actions you can invoke from your agent: scan, fix, review, and check_deps. Use these to integrate automated security checks into your AI-driven development flow, enabling immediate vulnerability discovery, AI-assisted remediation, and deeper security assessments of your code.
How to install
Prerequisites: Rust tooling installed to build or run the package locally, and an environment where you can execute commands from your shell.
Install a local MCP-capable instance of mycop by running the following steps in your terminal.
# Install via cargo if you already have Rust tooling set up locally
cargo install mycop
# Or, build from source if you prefer to compile directly
# (clone, then install from the local path)
git clone https://github.com/AbdumajidRashidov/mycop.git
cd mycop
cargo install --path .
# Start the MCP server locally for agent integration
# The server runs as a standard input/output (stdio) process
mycop mcp
Configuration and usage with MCP clients
The MCP server is designed to work with agentic tools like Claude Code, Cursor, Windsurf, and other MCP-enabled clients. Use the provided integration snippets to configure each client to spawn or connect to the MCP server as shown in the examples.
Configure in Claude Code
{ "mcpServers": { "mycop": { "command": "mycop", "args": ["mcp"] } } }
Configure in Cursor
{ "mcpServers": { "mycop": { "command": "mycop", "args": ["mcp"], "type": "stdio" } } }
Configure in Windsurf
{ "mcpServers": { "mycop": { "command": "mycop", "args": ["mcp"] } } }
Works with any MCP-compatible client including Codex CLI, Gemini CLI, and other agentic IDEs.
Inline ignore
Suppress specific findings with inline comments in supported languages.
Python
eval(user_input) # mycop-ignore
mycop-ignore:PY-SEC-005
eval(user_input)
eval(user_input) # mycop-ignore:PY-SEC-005,PY-SEC-001
JavaScript/TypeScript/Go/Java
eval(user_input) // mycop-ignore
## AI providers and overrides
mycop can use several AI providers in a defined order, with the option to override per command.
AI provider order (default): Claude CLI, Anthropenic API, OpenAI API, Ollama, Rule-based fallback
Override with --ai-provider as needed:
mycop scan . --explain --ai-provider anthropic
mycop fix . --ai-provider ollama
Configuration
Create a project configuration to control which findings to report and how fixes are applied. A sample configuration supports ignore patterns, minimum severity, and per-command AI provider overrides.
ignore:
- "**/*_test.py"
- "**/test_*.py"
- "**/*.test.js"
- "**/*.spec.ts"
- "**/node_modules/**"
- "**/venv/**"
min_severity: medium
fail_on: high
# ai_provider: anthropic
Security rules and output formats
mycop ships with 200 built-in rules spanning Python, JavaScript, Go, and Java, covering OWASP Top 10 and CWE Top 25, with SARIF and JSON outputs available for integration.
Output formats:
- Terminal
- JSON
- SARIF
Integrations and automation
If you want to run automated scans in CI or connect to your favorite IDE, you can use MCP-based integrations and CI actions.
GitHub Action example (scan only):
- name: mycop Security Scan uses: AbdumajidRashidov/mycop/action@main with: paths: '.' fail-on: 'high' format: 'sarif'
## Docker usage
Run mycop in a container to scan your current directory.
docker run --rm -v "$(pwd):/src" -w /src ghcr.io/abdumajidrashidov/mycop scan .
With specific options
docker run --rm -v "$(pwd):/src" -w /src ghcr.io/abdumajidrashidov/mycop scan . --format json --severity high
## Tools exposed by the MCP server
The MCP interface exposes several tools to interact with mycop capabilities from your agent. These include scanning, listing rules, explaining findings, performing deep reviews, and checking dependencies.
## Available tools
### scan
Scan files/directories for security vulnerabilities with optional severity filtering and formatting.
### list\_rules
List all 200 built-in security rules and filter by language or severity.
### explain\_finding
Provide AI-assisted explanations of a specific finding with CWE/OWASP context.
### review
Deep AI-powered security review of a single file to uncover logic flaws and architectural issues.
### check\_deps
Detect hallucinated packages in dependencies to ensure integrity.