pranjal-lnct/Scurity-MCP-Server
If you are the rightful owner of Scurity-MCP-Server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.
Sentinel is a robust, enterprise-grade Security MCP Server designed for reliability, compliance, and easy integration with IDEs like VS Code and Antigravity.
Sentinel MCP Server
Sentinel is a robust, enterprise-grade Security MCP (Model Context Protocol) Server designed for reliability, compliance, and easy integration with IDEs like VS Code and Antigravity.
🛡️ Features
- Robust Execution: Automatic retries for Docker commands, graceful timeout handling, and custom error reporting.
- Compliance Ready: Built-in support for CIS Benchmark scanning via Trivy.
- Structured Logging: All logs are output in JSON format for easy parsing and monitoring.
- Dockerized Tools: Runs all security tools in isolated Docker containers—no local tool installation required.
🧰 Included Tools
| Tool | Function | Docker Image |
|---|---|---|
| Semgrep | SAST (Static Analysis) | returntocorp/semgrep (Rules: OWASP Top 10, CWE Top 25, Security Audit) |
| Trivy | SCA & Compliance | aquasec/trivy |
| Grype | SCA (Vulnerability Scanning) | anchore/grype |
| Gitleaks | Secret Scanning | zricethezav/gitleaks |
| OWASP ZAP | DAST (Web Scanning) | owasp/zap2docker-stable |
| ClamAV | Malware Scanning | clamav/clamav |
| Schemathesis | API Fuzzing | schemathesis/schemathesis:stable |
| EOL Scanner | Runtime/Framework EOL Checks | Built-in (endoflife.date API) |
| Crypto Scanner | SSL/TLS Compliance | drwetter/testssl.sh |
| AI Threat Modeler | STRIDE Analysis | Built-in (LLM Powered + Code Context + Mermaid DFD) |
🚀 Getting Started
Prerequisites
- Docker: Must be installed and running.
- Python: Version 3.13 or higher.
Installation
-
Clone the repository (if applicable) or navigate to the project directory:
cd sentinel-mcp-server -
Create a virtual environment:
python3 -m venv .venv source .venv/bin/activate -
Install dependencies:
pip install .
Running the Server
To start the MCP server manually (for testing):
mcp run python src/sentinel/server.py
Manual Scanning (CLI)
You can also scan any project directory directly from the terminal using the included utility script:
# Scan a specific project directory
python3 scan_project.py /path/to/your/project
# Run only specific scans (e.g., secrets)
python3 scan_project.py /path/to/your/project --type secrets
💻 IDE Configuration
VS Code
To use Sentinel with the MCP Servers extension in VS Code, add the following to your MCP settings file (typically ~/Library/Application Support/Code/User/globalStorage/mcp-servers.json):
{
"mcpServers": {
"sentinel": {
"command": "/Users/pranjalsharma/Documents/SourceCode/appsec/sentinel-mcp-server/.venv/bin/python3",
"args": [
"/Users/pranjalsharma/Documents/SourceCode/appsec/sentinel-mcp-server/src/sentinel/server.py"
],
"env": {
"SENTINEL_LOG_LEVEL": "INFO"
}
}
}
}
Replace /ABSOLUTE/PATH/TO/... with the actual full path to your project directory.
⚙️ Configuration
You can configure Sentinel using environment variables:
| Variable | Description | Default |
|---|---|---|
SENTINEL_LOG_LEVEL | Logging level (DEBUG, INFO, WARN, ERROR) | INFO |
SENTINEL_DOCKER_TIMEOUT | Timeout for Docker commands in seconds | 600 |
SENTINEL_SEMGREP_IMAGE | Custom Docker image for Semgrep | returntocorp/semgrep |
SENTINEL_TRIVY_IMAGE | Custom Docker image for Trivy | aquasec/trivy |
SENTINEL_GRYPE_IMAGE | Custom Docker image for Grype | anchore/grype |
SENTINEL_TESTSSL_IMAGE | Custom Docker image for testssl.sh | drwetter/testssl.sh |
SENTINEL_SCHEMATHESIS_IMAGE | Custom Docker image for Schemathesis | schemathesis/schemathesis:stable |
SENTINEL_LLM_API_KEY | API Key for AI Threat Modeling (e.g., OpenAI) | None (Falls back to heuristic) |
SENTINEL_LLM_MODEL | LLM Model to use | gpt-4o |
🏗️ Project Structure
src/sentinel/
├── core/ # Core logic (logging, exceptions, config)
├── services/ # Business logic (scanners, compliance)
├── tools/ # Tool execution (Docker runner)
└── server.py # Main MCP entry point