Sentinel-MCP-Server
Verified Safe
by pranjal-lnct
Overview
Integrates various security scanning tools as an MCP server for IDEs, providing SAST, SCA, secret scanning, DAST, malware, EOL, compliance, crypto, and AI-powered threat modeling.
Installation
mcp run python src/sentinel/server.py
Environment Variables
- SENTINEL_LOG_LEVEL
- SENTINEL_DOCKER_TIMEOUT
- SENTINEL_SEMGREP_IMAGE
- SENTINEL_TRIVY_IMAGE
- SENTINEL_GRYPE_IMAGE
- SENTINEL_GITLEAKS_IMAGE
- SENTINEL_ZAP_IMAGE
- SENTINEL_CLAMAV_IMAGE
- SENTINEL_TESTSSL_IMAGE
- SENTINEL_SCHEMATHESIS_IMAGE
- SENTINEL_LLM_API_KEY
- SENTINEL_LLM_MODEL
- SENTINEL_LLM_API_BASE
Security Notes
The server's core logic (docker_runner.py) correctly isolates security tool execution via Docker, with robust error handling and retries. Input to external tools (target_path, target_url) is user-controlled, implying trust in the client, but the server itself doesn't introduce obvious internal vulnerabilities. Test resources containing 'eval' and hardcoded secrets are correctly identified as *targets* for the scanner, not part of the server's own codebase.
Similar Servers
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
Reversecore_MCP
Provides a Micro-Agent Control Protocol (MCP) server that wraps various reverse engineering CLI tools and libraries, enabling AI agents to perform binary analysis, malware analysis, and vulnerability research through natural language commands.
pentestMCP
This MCP server enables AI agents to perform automated and interactive penetration testing tasks by exposing a suite of security assessment utilities as callable tools.
pentest-mcp
This server provides a Model Context Protocol (MCP) interface for professional penetration testing, enabling automated execution and analysis of security tools like Nmap, John the Ripper, Gobuster, and Nikto.