codescene-mcp-server
Verified Safe
by codescene-oss
Overview
The server exposes CodeScene's Code Health analysis as local tools to augment AI prompts with code quality insights, facilitate refactoring, and safeguard against technical debt.
Installation
docker run -i --rm -e CS_ACCESS_TOKEN=<YOUR_CS_ACCESS_TOKEN> -e CS_MOUNT_PATH=<HOST_CODE_PATH> --mount type=bind,src=<HOST_CODE_PATH>,dst=/mount/,ro codescene/codescene-mcp
Environment Variables
- CS_ACCESS_TOKEN
- CS_MOUNT_PATH
Security Notes
The server runs locally in a Docker container and accesses the codebase through a read-only bind mount, which significantly limits local file interaction risks. Secrets like `CS_ACCESS_TOKEN` are read from environment variables. Outbound network calls are restricted to CodeScene APIs for analysis results and refactoring services. The server executes local CLI tools (`cs` and `git`) via `subprocess.run`, but arguments are constructed with validated paths, mitigating injection risks. No `eval` or obvious obfuscation is found.
Similar Servers
github-mcp-server
Connects AI tools directly to GitHub's platform, enabling agents, assistants, and chatbots to manage repositories, issues, PRs, and workflows through natural language interactions.
code-index-mcp
Provides intelligent code indexing, searching, and analysis capabilities for large language models to understand and navigate codebases.
chunkhound
ChunkHound transforms codebases into searchable knowledge bases for AI assistants, enabling deep semantic and regex-based code research.
CodeGraphContext
An MCP server that indexes local code into a Neo4j graph database to provide real-time, accurate context and relationship analysis to AI assistants for understanding, writing, and refactoring code.