- Home
- MCP servers
- Security Analyst
Security Analyst
- go
12
GitHub Stars
go
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"gleicon-mcp-osv": {
"command": "/usr/local/bin/mcp-osv",
"args": []
}
}
}You run an MCP server that combines vulnerability data from OSV.dev with AI-driven security analysis to inspect your codebase. It helps you identify known vulnerabilities, perform basic security checks on code files, and receive security insights from AI models through the MCP protocol. Optional static analysis can be enabled if Semgrep is installed.
How to use
Connect with an MCP client to access vulnerability checks and security analysis tools. Use the available tools to check dependencies for known vulnerabilities and to analyze specific files or code directories. You can query for vulnerabilities in a package or analyze a file to get actionable security insights. The server is designed to work with AI models via MCP, so you can incorporate security checks into your AI-assisted workflows.
How to install
Prerequisites you need before installation:
make deps
make install
Additional content
Configuration and usage notes follow to help you integrate the MCP server into your security tooling and IDEs. The server is designed to run as a local stdio MCP agent, and you can register it with your MCP-enabled AI tools. When Semgrep is installed, the server can perform optional static code analysis; otherwise it will skip that portion.
Key tools this server exposes include vulnerability checking against the OSV.dev database and security analysis of code files.
To enable Cursor or Claude integrations, you include the MCP server configuration in your client settings so the client can reach the local agent via the MCP protocol.
Usage examples for integration
Open your MCP-enabled IDE or assistant and issue requests like: ”Check for vulnerabilities in the package 'express' version '4.17.1'” or ”Analyze the security of the file 'main.go'.” The server will respond with security findings and recommendations.
Available tools
check_vulnerabilities
Check for known vulnerabilities in dependencies using the OSV.dev database. Provide package_name and version to query the vulnerability status.
analyze_security
Analyze code for potential security issues based on OSV.dev. Provide file_path to assess a specific file.