Skip to main content

Argus — open-source security scanner with many eyes. SAST, DAST, SCA, Secrets, IaC, Terraform, Ansible via CLI and MCP.

Project description

argus-mcp (Python)

An MCP server that gives AI assistants (Claude, Cursor, etc.) the ability to run comprehensive security scans on your codebase.

What It Does

Exposes the following MCP tools for use by any MCP-compatible AI client:

Tool Description Scanners
scan_sast Static code analysis Semgrep, Bandit, ESLint-security
scan_dast Dynamic web app scanning OWASP ZAP, Nikto
scan_sca Dependency vulnerability scanning Trivy, Safety, pip-audit, npm audit
scan_secrets Leaked secrets & credentials Gitleaks, detect-secrets, TruffleHog
scan_iac IaC misconfiguration scanning Checkov, Trivy config, Terrascan
scan_container Container image scanning Trivy
scan_all Full scan (all of the above) All tools
check_tools Check tool availability

Installation

pip install argus-scan

Install with all Python-native security tools:

pip install "argus-scan[all-tools]"

Usage

Run the MCP Server

argus-mcp

The server communicates via stdio (standard MCP transport).

Configure in Cursor / Claude Desktop

Add to your MCP configuration (~/.cursor/mcp.json or claude_desktop_config.json):

{
  "mcpServers": {
    "argus": {
      "command": "argus-scan"
    }
  }
}

Or with uvx (no installation required):

{
  "mcpServers": {
    "argus": {
      "command": "uvx",
      "args": ["argus-scan"]
    }
  }
}

External Tool Dependencies

The MCP server wraps these external tools. Install the ones you need:

SAST

pip install semgrep bandit flake8 flake8-bandit   # Python SAST
npm install -g eslint eslint-plugin-security       # JS/TS SAST

DAST

docker pull ghcr.io/zaproxy/zaproxy:stable         # OWASP ZAP (recommended)
brew install nikto                                  # Nikto

SCA

# Trivy (cross-platform)
brew install trivy
# OR
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh

pip install safety pip-audit                        # Python SCA

Secret Scanning

brew install gitleaks trufflehog                   # macOS
pip install detect-secrets                          # cross-platform

IaC

pip install checkov                                 # Checkov
brew install terrascan                              # Terrascan

Example: Ask Claude to Scan Your Code

Once configured, you can ask:

  • "Scan /path/to/myproject for security vulnerabilities"
  • "Check my Python code for OWASP Top 10 issues using Semgrep"
  • "Are there any hardcoded secrets in this repository?"
  • "Scan my Kubernetes manifests for misconfigurations"
  • "Run a full security audit of my codebase"

Development

git clone https://github.com/your-org/argus-mcp
cd argus-mcp/packages/python
pip install -e ".[dev]"
pytest

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

argus_scan-0.1.0.tar.gz (33.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

argus_scan-0.1.0-py3-none-any.whl (41.3 kB view details)

Uploaded Python 3

File details

Details for the file argus_scan-0.1.0.tar.gz.

File metadata

  • Download URL: argus_scan-0.1.0.tar.gz
  • Upload date:
  • Size: 33.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.13

File hashes

Hashes for argus_scan-0.1.0.tar.gz
Algorithm Hash digest
SHA256 b3ab423f3ada25cae4839adfc0c03bf992ef254a0e81f843316f374a83f69f3a
MD5 d139213a644012197b28ddced052b216
BLAKE2b-256 de5b485ce8959fa692c9507700674b31a21020870544ad8ccc714091ee83d2a2

See more details on using hashes here.

File details

Details for the file argus_scan-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: argus_scan-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 41.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.13

File hashes

Hashes for argus_scan-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f67a2052803ff6861c6cca618e844217be3683422bffa823c75931011ae206a5
MD5 ac8ddedbbba3eef53ecb3f6e7310c80b
BLAKE2b-256 6e601f5ecb41befc7cb46d74407c9a6d65d0793fafdd60cd734e23c2f51b0fe5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page