GoThreatScope MCP server
Provides local security analysis data sources and tools via MCP for editors and AI assistants.
Configuration

```json
{
  "mcpServers": {
    "anotherik-gothreatscope": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-v",
        "$PWD:/workspace",
        "gothreatscope:latest",
        "--mcp"
      ],
      "env": {
        "GTS_DEBUG": "0",
        "GTS_QUIET": "1",
        "GTS_MCP_MODE": "1",
        "GTS_KEEP_HISTORY": "1",
        "GTS_DISABLE_METRICS": "<GTS_DISABLE_METRICS>",
        "GOTHREATSCOPE_METRICS_URL": "https://metrics.example.com/collect"
      }
    }
  }
}
```

GoThreatScope functions as an MCP server that exposes its security analysis results to IDEs and AI assistants through structured JSON. It lets you query SBOMs, vulnerability reports, and secret findings using natural language, so editors such as Cursor or VS Code can drive AI-assisted security insights directly from your local project data.
You will start the MCP server to enable tool-backed queries from your editor or AI assistant. Once running in MCP mode, you can ask it to analyze a repository, generate an SBOM, check for vulnerabilities, and scan for secrets. The server returns structured JSON artifacts that your editor can fetch and reason over without re-running scans.
Before running it you need Go 1.21 or newer; Gitleaks v8+ is optional and is used for secret scanning. You can either install the Go binary locally or run the containerized MCP server as shown below.
Install the Go binary locally by building or installing from source.
To start MCP mode in a container, run the following command. It launches the MCP server inside a Docker container with the current directory mounted at /workspace and enables the MCP endpoints for editors and LLM integrations.

```shell
docker run --rm -i -v "$PWD":/workspace gothreatscope:latest --mcp
```

Note: Podman users can run the equivalent command by replacing docker with podman.

All MCP interactions expose resources that point to local artifacts saved under the gothreatscope_store directory. MCP tools are accessed through an editor or other client that supports the MCP protocol, and you can fetch SBOMs, vulnerability reports, secret findings, and metrics as file URLs.
The MCP server operates locally and uses file-based storage for artifacts. Ensure that access to the gothreatscope_store directory is restricted to trusted users, as the artifacts may contain sensitive information such as vulnerability details and secret findings.
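As an added example (not GoThreatScope's own code), the following Python helper shows two checks a client-side integration can apply around the file-based store described above: that a file:// resource URI handed back by the server resolves inside the local gothreatscope_store directory rather than somewhere else on the host, and that the store directory is not readable by other users. The store path, the sample SBOM content and the URIs are constructed for the example; the exact URI layout the server emits is an assumption, not taken from the page.

```python
import os
import stat
import tempfile
from pathlib import Path
from urllib.parse import unquote, urlparse


def artifact_path_from_uri(uri: str, store_dir: str) -> Path:
    """Map a file:// resource URI to a local path, but only if the resolved
    path lies inside store_dir. Symlinks and '..' segments are resolved first,
    so a URI cannot point the client at files outside the artifact store."""
    parsed = urlparse(uri)
    if parsed.scheme != "file":
        raise ValueError(f"not a file URI: {uri}")
    if parsed.netloc not in ("", "localhost"):
        raise ValueError(f"remote file URIs are not accepted: {uri}")
    candidate = Path(unquote(parsed.path)).resolve()
    store = Path(store_dir).resolve()
    # The store directory itself is not an artifact; require a strict descendant.
    if candidate == store or store not in candidate.parents:
        raise ValueError(f"{uri} does not resolve inside {store}")
    return candidate


def uri_inside_store(uri: str, store_dir: str) -> bool:
    """Boolean wrapper around artifact_path_from_uri for filtering resource lists."""
    try:
        artifact_path_from_uri(uri, store_dir)
        return True
    except ValueError:
        return False


def store_permissions_ok(store_dir) -> bool:
    """True when store_dir is a directory with no group or world permission bits,
    i.e. only its owner can list or read the scan artifacts inside it."""
    st = os.stat(store_dir)
    if not stat.S_ISDIR(st.st_mode):
        return False
    return (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def demo() -> dict:
    """Build a throwaway store under a temp dir (constructed sample data, not real
    scan output) and exercise both checks; returns the results for inspection."""
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp) / "gothreatscope_store"
        store.mkdir()
        # Constructed placeholder artifact, not a real SBOM.
        (store / "sbom.json").write_text('{"bomFormat": "CycloneDX"}')
        os.chmod(store, 0o700)
        results = {"restricted_ok": store_permissions_ok(store)}
        os.chmod(store, 0o755)
        results["open_ok"] = store_permissions_ok(store)
        good = (store / "sbom.json").as_uri()
        bad = f"file://{store}/../../etc/passwd"  # escapes the store via '..'
        results["good_uri"] = uri_inside_store(good, store)
        results["bad_uri"] = uri_inside_store(bad, store)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

On the host, the equivalent one-time step is to make sure gothreatscope_store is owned by the user running the server and has mode 700, so that store_permissions_ok stays true between runs; the URI check belongs wherever the client turns a resource listing into file reads.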
Runs the full pipeline from SBOM generation through vulnerability and secrets analysis for a given path.
Generates an SBOM for the repository and returns its file URI.
Checks dependencies for vulnerabilities and malicious packages using OSV.dev.
Scans for secrets using Gitleaks or the built-in secret scanner.