mcp-osv (gleicon)
MCP server for code security reviews using OSV.dev supply-chain data plus Gitleaks secret detection.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for mcp-osv (gleicon), derived from its capabilities.
AIVSS 7.3 · High
Overview
mcp-osv is an MCP server that enables code security reviews by querying the OSV.dev Open Source Vulnerabilities database and integrating Gitleaks v8 with 100+ built-in rules for credential and API-key detection. It communicates over stdin/stdout via MCP. Because it combines remote supply-chain vulnerability lookups with local secret scanning, its exposure spans both the data it fetches from OSV.dev and the source files it reads on the host.
Key features
- OSV.dev supply-chain vulnerability lookups
- Gitleaks secret detection (100+ rules)
- stdio MCP transport
Use cases
- Review dependencies for known vulnerabilities
- Scan a repo for leaked credentials