Skip to main content

TridentChain Security — local-first supply chain vulnerability scanner for project, system, and extensions.

Project description

TridentChain Security

Local-first vulnerability scanner for project dependencies, developer tools, and IDE extensions.
Uses multi-source intelligence (OSV, NVD, GHSA, Sonatype) with KEV/EPSS prioritization.

No API key required for default usage.

Public repo: https://github.com/DevInder1/supply-chain-scanner-public


Install (plug and play)

pip3 install tridentchain-security
npm install -g @tridentchain/security-cli
tridentchain-security --help

Agents & MCP (Claude, Cursor, VS Code):

pip3 install "tridentchain-security>=0.1.1" tridentchain-mcp

What you can do: docs/CAPABILITIES.md
Full guide: docs/INSTALL_AND_USE.md
Cross-platform (macOS / Linux / Windows): docs/CROSS_PLATFORM.md
(PyPI: tridentchain-security · npm: @tridentchain/security-cli)

tridentchain-security --scan all --project-path . --output-dir scanner-output

Use in your own Python app

from scanner import run_scan

summary = run_scan(
    project_path=".",
    scan="all",
    run_profile="full",  # no API key required
    output_dir="scanner-output",
)
print(summary["summary"])

Scan profiles

Profile Description
full (default) Project + system + extensions. OSV + NVD without keys.
quick Faster project-focused scan.
offline Local advisory DB only, no network.
Power-user Add GITHUB_TOKEN, NVD_API_KEY, optional SONATYPE_TOKEN for best coverage.

Desktop app (individual application)

No repo clone required if the pip package is installed:

pip3 install tridentchain-security
cd apps/desktop && npm install && npm run start

See apps/desktop/README.md and docs/DISTRIBUTION_VERIFICATION.md.

AI / automation (Claude, OpenAI, Cursor, VS Code, Windsurf, …)

One install, every agent: pip install "tridentchain-security>=0.1.2" tridentchain-mcp

Guide Description
Agent integrations Claude · OpenAI · Cursor · VS Code · Windsurf · Zed · MCP · CLI
Capabilities Everything you can do today
Architecture MCP + unified tools design
./scripts/setup-agent-mcp.sh cursor   # prints setup for your agent

Phase 2 — Claude MCP: pip install tridentchain-mcp · Setup guide · Plugin

Phase 3 — OpenAI + Cursor: examples/openai/ · Cursor setup · .cursor/mcp.json.example

Phase 4 — VS Code (Anthropic MCP): Open repo → MCP ready · VS Code setup · ./scripts/vscode-mcp-install-link.sh · extension

Phase 5 — Validate: tridentchain-security --validate · MCP validate_after_patch · CAPABILITIES.md

Unified tool layer: from scanner.integrations import execute_tool, get_tool_definitions, to_openai_tools


Development

git clone https://github.com/DevInder1/supply-chain-scanner-public.git
cd supply-chain-scanner-public
python3 -m pip install -e .
tridentchain-security --help
python3 -m unittest scanner.tests.test_matcher_ranges -v

Install & use: docs/INSTALL_AND_USE.md
Cross-platform: docs/CROSS_PLATFORM.md
CLI contract: docs/cli-contract.md
Publishing: docs/PUBLISHING.md


Optional API keys (power users)

Variable Purpose
NVD_API_KEY Higher NVD rate limits
GITHUB_TOKEN GHSA advisories
SONATYPE_TOKEN Sonatype Guide advisories

Set in .env or environment variables.


License

MIT — see LICENSE

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tridentchain_security-0.1.3.tar.gz (88.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

tridentchain_security-0.1.3-py3-none-any.whl (101.0 kB view details)

Uploaded Python 3

File details

Details for the file tridentchain_security-0.1.3.tar.gz.

File metadata

  • Download URL: tridentchain_security-0.1.3.tar.gz
  • Upload date:
  • Size: 88.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.7

File hashes

Hashes for tridentchain_security-0.1.3.tar.gz
Algorithm Hash digest
SHA256 cac27b2694a88bc396208b557b97a1e42fd02001f8b5175682502cf88168a730
MD5 ca5853e456d29efa083576bfd3687b6d
BLAKE2b-256 7b8d080ba723cc0d4eb4955c1f671b29ee794cc2c379e88afa476aa69c9ab2e2

See more details on using hashes here.

File details

Details for the file tridentchain_security-0.1.3-py3-none-any.whl.

File metadata

File hashes

Hashes for tridentchain_security-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 dbf870c18f6a519240207f9cd94f7a8165f1f02335ba3aa6816ee6749b8a5965
MD5 9b31fc597c4a9cfc5e168aa9684220c9
BLAKE2b-256 cad9f68c0f5c307d185d5285503d31121db3664b0e5181883dd0f7341bece01d

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page