ggmcp
Verified Safe by GitGuardian
Overview
This MCP server enables AI agents to scan code for secrets using GitGuardian's API, manage security incidents, provide remediation steps, and handle honeytoken management, focusing on the developer workflow.
Installation
uvx --from 'git+https://github.com/GitGuardian/ggmcp.git' developer-mcp-server
Environment Variables
- GITGUARDIAN_URL
- GITGUARDIAN_PERSONAL_ACCESS_TOKEN
Security Notes
The server implements strong security practices: it uses OAuth 2.0 PKCE for authentication, supports Personal Access Tokens (PATs) via environment variables, and stores sensitive tokens securely with `0o600` file permissions. It carefully handles external `git` commands with `subprocess.run` by setting `cwd` and `timeout`, minimizing risk. Sentry integration is optional for error tracking and performance monitoring, designed to be privacy-focused. No `eval` or obfuscation is observed. Network interactions are confined to the GitGuardian API and a local callback server for OAuth within a defined port range. Overall, the architecture and implementation demonstrate a high level of security awareness.
Similar Servers
copilot-security-instructions
This MCP server provides a toolkit of security-focused prompts and instructions to guide GitHub Copilot towards secure coding practices, helping developers identify and mitigate security risks.
mcp-safe-run
Securely launch Model Context Protocol (MCP) servers by resolving and injecting sensitive credentials from various external sources (environment variables, files, OS keychains) without modifying the server's configuration.
FedRAMP20xMCP
An MCP (Model Context Protocol) server that provides access to FedRAMP 20x security requirements and controls with Azure-first guidance, including automated code analysis for compliance.
memoria
An MCP server that provides AI with contextual memory of a codebase by analyzing git history to reveal hidden file dependencies, assess risk, and prevent regressions.