Security Scanner

v1.0.0Securitystable

This pattern describes how to implement a Model Context Protocol (MCP) server that integrates three industry-standard security scanning tools (Checkov, Semgrep, and Bandit) to provide comprehensive code security analysis. The server enables AI coding

sample-mcp-security-scannermcpai-integration
Share:
14
Stars
0
Downloads
0
Weekly
0/5

What is Security Scanner?

Security Scanner is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to this pattern describes how to implement a model context protocol (mcp) server that integrates three industry-standard security scanning tools (checkov, semgrep, and bandit) to provide comprehensive co...

This pattern describes how to implement a Model Context Protocol (MCP) server that integrates three industry-standard security scanning tools (Checkov, Semgrep, and Bandit) to provide comprehensive code security analysis. The server enables AI coding

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • This pattern describes how to implement a Model Context Prot

Use Cases

Integrate Checkov, Semgrep, and Bandit for comprehensive code scanning.
Analyze infrastructure and code security with multiple tools.
Enable AI to provide integrated security recommendations.
aws-samples

Maintainer

LicenseMIT-0
Languagepython
Versionv1.0.0
UpdatedMay 19, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx sample-mcp-security-scanner

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Security Scanner

The Sample MCP Security Scanner is a Python-based MCP server from AWS Samples that integrates four industry-standard security tools — Checkov, Semgrep, Bandit, and ASH (Amazon Security Hub scanner) — into a single MCP interface. It enables AI coding assistants to perform real-time security analysis on infrastructure-as-code, application source code, and generated code snippets, providing unified findings across Terraform, CloudFormation, Kubernetes, Dockerfiles, Python, JavaScript, Java, Go, and more.

Prerequisites

  • Python 3.9+ and pip installed
  • Docker installed (required for ASH scanner; optional for other tools)
  • Claude Desktop or another MCP-compatible client
  • Git to clone the repository
1

Clone the repository

Clone the AWS sample repository to your local machine.

git clone https://github.com/aws-samples/sample-mcp-security-scanner.git
cd sample-mcp-security-scanner
2

Install the security scanning tools

Install Checkov, Semgrep, and Bandit via pip. ASH runs as a Docker container and does not require a separate pip install.

pip install checkov semgrep bandit fastmcp
3

Set environment variables

Configure the workspace root and optional log level. WORKSPACE_ROOT tells the scanner where your project files are located.

export WORKSPACE_ROOT=/path/to/your/project
export FASTMCP_LOG_LEVEL=ERROR   # or DEBUG for troubleshooting
4

Configure Claude Desktop

Add the security scanner MCP server to your Claude Desktop configuration file.

{
  "mcpServers": {
    "security-scanner": {
      "command": "python",
      "args": ["/absolute/path/to/sample-mcp-security-scanner/server.py"],
      "env": {
        "WORKSPACE_ROOT": "/absolute/path/to/your/project",
        "FASTMCP_LOG_LEVEL": "ERROR"
      }
    }
  }
}
5

Restart Claude Desktop and run your first scan

Restart Claude Desktop after saving the config. You can now ask Claude to scan code or infrastructure files using Checkov, Semgrep, Bandit, or the combined ASH scanner.

# Available MCP tools:
# checkov_scan    - IaC scanning (Terraform, CloudFormation, K8s, Dockerfile)
# semgrep_scan    - Multi-language source code analysis
# bandit_scan     - Python-specific security detection
# ash_scan        - Comprehensive multi-tool scan (runs all tools in parallel)

Security Scanner Examples

Client configuration

Complete Claude Desktop configuration for the MCP Security Scanner server.

{
  "mcpServers": {
    "security-scanner": {
      "command": "python",
      "args": [
        "/Users/yourname/projects/sample-mcp-security-scanner/server.py"
      ],
      "env": {
        "WORKSPACE_ROOT": "/Users/yourname/projects/my-app",
        "FASTMCP_LOG_LEVEL": "ERROR"
      }
    }
  }
}

Prompts to try

Security scanning prompts to use with Claude after configuring the MCP server.

- "Scan the current Terraform files and report any security issues"
- "Generate a CloudFormation template for an S3 bucket with proper security settings and scan it"
- "Create a Python Lambda function that writes to DynamoDB and scan it for vulnerabilities"
- "Scan lines 20-60 of main.py with Bandit and explain any findings"
- "Run a full ASH scan on this project and summarize the critical findings"

Troubleshooting Security Scanner

checkov, semgrep, or bandit commands not found

Install the tools in the same Python environment that will run the MCP server: 'pip install checkov semgrep bandit'. If using a virtual environment, ensure it is activated when Claude Desktop launches the server, or specify the full path to the Python binary.

ASH scanner fails with Docker errors

ASH requires Docker to be running. Start the Docker daemon and ensure your user has permission to run Docker commands (add yourself to the 'docker' group on Linux: 'sudo usermod -aG docker $USER' then log out and back in).

Scan returns no results for existing files

Verify that WORKSPACE_ROOT is set to the correct absolute path of your project. The scanner resolves file paths relative to WORKSPACE_ROOT. Use DEBUG log level (FASTMCP_LOG_LEVEL=DEBUG) to see which paths are being scanned.

Frequently Asked Questions about Security Scanner

What is Security Scanner?

Security Scanner is a Model Context Protocol (MCP) server that this pattern describes how to implement a model context protocol (mcp) server that integrates three industry-standard security scanning tools (checkov, semgrep, and bandit) to provide comprehensive code security analysis. the server enables ai coding It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Security Scanner?

Follow the installation instructions on the Security Scanner GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Security Scanner?

Security Scanner works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Security Scanner free to use?

Yes, Security Scanner is open source and available under the MIT-0 license. You can use it freely in both personal and commercial projects.

Security Scanner Alternatives — Similar Security Servers

Looking for alternatives to Security Scanner? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "sample-mcp-security-scanner": { "command": "npx", "args": ["-y", "sample-mcp-security-scanner"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Security Scanner?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides