Argus — open-source security scanner with many eyes. SAST, DAST, SCA, Secrets, IaC, Terraform, Ansible via CLI and MCP.
Project description
argus-mcp (Python)
An MCP server that gives AI assistants (Claude, Cursor, etc.) the ability to run comprehensive security scans on your codebase.
What It Does
Exposes the following MCP tools for use by any MCP-compatible AI client:
| Tool | Description | Scanners |
|---|---|---|
scan_sast |
Static code analysis | Semgrep, Bandit, ESLint-security |
scan_dast |
Dynamic web app scanning | OWASP ZAP, Nikto |
scan_sca |
Dependency vulnerability scanning | Trivy, Safety, pip-audit, npm audit |
scan_secrets |
Leaked secrets & credentials | Gitleaks, detect-secrets, TruffleHog |
scan_iac |
IaC misconfiguration scanning | Checkov, Trivy config, Terrascan |
scan_container |
Container image scanning | Trivy |
scan_all |
Full scan (all of the above) | All tools |
check_tools |
Check tool availability | — |
Installation
pip install argus-scan
Install with all Python-native security tools:
pip install "argus-scan[all-tools]"
Usage
Run the MCP Server
argus-mcp
The server communicates via stdio (standard MCP transport).
Configure in Cursor / Claude Desktop
Add to your MCP configuration (~/.cursor/mcp.json or claude_desktop_config.json):
{
"mcpServers": {
"argus": {
"command": "argus-scan"
}
}
}
Or with uvx (no installation required):
{
"mcpServers": {
"argus": {
"command": "uvx",
"args": ["argus-scan"]
}
}
}
External Tool Dependencies
The MCP server wraps these external tools. Install the ones you need:
SAST
pip install semgrep bandit flake8 flake8-bandit # Python SAST
npm install -g eslint eslint-plugin-security # JS/TS SAST
DAST
docker pull ghcr.io/zaproxy/zaproxy:stable # OWASP ZAP (recommended)
brew install nikto # Nikto
SCA
# Trivy (cross-platform)
brew install trivy
# OR
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh
pip install safety pip-audit # Python SCA
Secret Scanning
brew install gitleaks trufflehog # macOS
pip install detect-secrets # cross-platform
IaC
pip install checkov # Checkov
brew install terrascan # Terrascan
Example: Ask Claude to Scan Your Code
Once configured, you can ask:
- "Scan
/path/to/myprojectfor security vulnerabilities" - "Check my Python code for OWASP Top 10 issues using Semgrep"
- "Are there any hardcoded secrets in this repository?"
- "Scan my Kubernetes manifests for misconfigurations"
- "Run a full security audit of my codebase"
Development
git clone https://github.com/your-org/argus-mcp
cd argus-mcp/packages/python
pip install -e ".[dev]"
pytest
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file argus_scan-0.1.0.tar.gz.
File metadata
- Download URL: argus_scan-0.1.0.tar.gz
- Upload date:
- Size: 33.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b3ab423f3ada25cae4839adfc0c03bf992ef254a0e81f843316f374a83f69f3a
|
|
| MD5 |
d139213a644012197b28ddced052b216
|
|
| BLAKE2b-256 |
de5b485ce8959fa692c9507700674b31a21020870544ad8ccc714091ee83d2a2
|
File details
Details for the file argus_scan-0.1.0-py3-none-any.whl.
File metadata
- Download URL: argus_scan-0.1.0-py3-none-any.whl
- Upload date:
- Size: 41.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f67a2052803ff6861c6cca618e844217be3683422bffa823c75931011ae206a5
|
|
| MD5 |
ac8ddedbbba3eef53ecb3f6e7310c80b
|
|
| BLAKE2b-256 |
6e601f5ecb41befc7cb46d74407c9a6d65d0793fafdd60cd734e23c2f51b0fe5
|