Quick Start
Install mcp-scan, run your first security scan, and understand the results in under five minutes.
MCP Scanner (mcp-scan) is a purpose-built static security analyzer for Model Context Protocol server implementations. It detects MCP-specific vulnerabilities across 14 classes using pattern matching, taint analysis, and optional AI-powered detection.
Detailed reference for all 14 vulnerability classes (A-N) detected by mcp-scan, including severity, example patterns, language support, and required analysis mode.
Language support details for mcp-scan, including file extensions, parser capabilities, and language-specific considerations.
Fast mode for CI/CD speed and deep mode for thorough security audits – how each works, what they detect, and when to use them.
Complete command-line reference for mcp-scan, covering all commands, flags, and usage examples.
How to read mcp-scan output, understand findings, taint traces, MSSS scores, and work with baselines for tracking known issues.
Integrate mcp-scan into CI/CD pipelines with GitHub Actions, GitLab CI, and other platforms – including SARIF upload, baseline management, and severity gates.