A Model Context Protocol (MCP) server for analyzing GitLab repositories and performing security assessments.
Configuration
View docs{
"mcpServers": {
"athapong-argus": {
"command": "uvx",
"args": [
"--from",
"git+https://github.com/athapong/argus",
"argus"
],
"env": {
"PATH": "<PATH>",
"SKIP_SYSTEM_CHECK": "YOUR_VALUE"
}
}
}
}Argus is an MCP server that analyzes code repositories, runs multi-language quality checks, and performs security scans to help you improve code quality and security across projects using a single, scalable workflow.
You interact with Argus through an MCP client to analyze repositories, detect languages, run static checks, and perform security scans. Start by pointing Argus at a repository, choose the analysis you want, and review structured reports that cover code quality, language-specific findings, and security issues. You can run analyses on multiple branches, compare changes, and generate comprehensive results that guide remediation.
Prerequisites you need before installing Argus include Python 3.8 or newer, Git, and the libmagic library. You also need a functioning target operating system (macOS or Linux) to install system dependencies.
# macOS
brew install libmagic
# Linux (Ubuntu/Debian)
sudo apt-get update
sudo apt-get install -y libmagic1Install Argus using the MCP runtime. Run the following command to install and start Argus through the MCP runtime interface.
uvx argusOptional: if you need to run Argus from a specific configuration, you can use the MCP command channel described in the configuration examples. Ensure you have internet access and the MCP runtime installed on your system.
Argus provides a configuration snippet that defines how the server is started, which operations are allowed, and how long the server can run before timing out. Use the following JSON snippet to configure the MCP client or orchestrator to initialize Argus with the appropriate runtime parameters.
{
"command": "uvx",
"args": [
"--from",
"git+https://github.com/athapong/argus",
"argus"
],
"alwaysAllow": [
"get_commit_history",
"enumerate_branches",
"compare_git_changes",
"analyze_code_quality",
"security_scan_repository"
],
"timeout": 300
}You can control system checks and PATH management through environment variables. For example, set SKIP_SYSTEM_CHECK to bypass system dependency checks during initial setup. Argus will also automatically adjust PATH to include newly installed toolchain binaries.
Argus supports a range of language-specific analysis tools and a security scanner. Core capabilities include multi-language support, branch-aware analysis, commit history insights, repository structure visualization, and comprehensive security reports.
If you encounter dependency installation issues, Argus will emit warnings and attempt graceful fallbacks. Language detection will fall back to the explicitly provided language if automatic detection fails, and tool execution errors will be reported in the results structure.
Go language complexity analysis used alongside golangci-lint in multi-language analysis
Go static analysis tool for code quality and linting
Java static analysis to identify potential problems and code quality issues
Python linting tool for code quality and style checks
Python security scanner focusing on known vulnerabilities and risky patterns
JavaScript/TypeScript linting tool to enforce code quality and consistency
Security scanner for vulnerability detection in container images and files
Function to analyze repository structure and generate insights
Function to perform language-appropriate quality checks across supported languages
Function to run security scans on a repository and produce reports
Retrieve commit history for a repository
List branches within the repository
Compare changes between two branches or commits