- Home
- MCP servers
- GoThreatScope
GoThreatScope
- go
2
GitHub Stars
go
Language
4 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"anotherik-gothreatscope": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"-v",
"$PWD:/workspace",
"gothreatscope:latest",
"--mcp"
],
"env": {
"GTS_DEBUG": "0",
"GTS_QUIET": "1",
"GTS_MCP_MODE": "1",
"GTS_KEEP_HISTORY": "1",
"GTS_DISABLE_METRICS": "<GTS_DISABLE_METRICS>",
"GOTHREATSCOPE_METRICS_URL": "https://metrics.example.com/collect"
}
}
}
}GoThreatScope functions as an MCP server that exposes its security analysis results to IDEs and AI assistants through structured JSON. It lets you query SBOMs, vulnerability reports, and secret findings using natural language, enabling seamless integration with editors like Cursor or VS Code to drive AI-assisted security insights directly from your local project data.
How to use
You will start the MCP server to enable tool-backed queries from your editor or AI assistant. Once running in MCP mode, you can ask it to analyze a repository, generate an SBOM, check for vulnerabilities, and scan for secrets. The server returns structured JSON artifacts that your editor can fetch and reason over without re-running scans.
How to install
Prerequisites you need before running are Go 1.21 or newer and optional Gitleaks v8+ for secret scanning. You can install the Go binary or run the containerized MCP server as shown.
Install the Go binary locally by building or installing from source.
GoThreatScope MCP server commands and configuration
To start the MCP mode using a container, run the following command. This launches the MCP server inside a Docker container and enables MCP endpoints for editors and LLM integrations.
docker run --rm -i -v "$PWD":/workspace gothreatscope:latest --mcp
Note: Podman users can run the equivalent with Podman by replacing docker with podman in the command.
## Additional notes
All MCP interactions expose resources that point to local artifacts saved under the gothreatscope\_store directory. MCP tools are accessed via an editor or compatible client that supports the MCP protocol, and you can fetch SBOMs, vulnerability reports, secrets findings, and metrics as file URLs.
## Security and usage notes
The MCP server operates locally and uses file-based storage for artifacts. Ensure that access to the gothreatscope\_store directory is restricted to trusted users, as the artifacts may contain sensitive information such as vulnerability details and secret findings.
## Available tools
### analyzeRepo
Runs the full pipeline from SBOM generation through vulnerability and secrets analysis for a given path.
### scanRepoSBOM
Generates an SBOM for the repository and returns its file URI.
### vulnCheck
Checks dependencies for vulnerabilities and malicious packages using OSV.dev.
### secretScan
Scans for secrets using Gitleaks or the built-in secret scanner.