GoThreatScope MCP Server

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.
1. Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal
git clone https://github.com/anotherik/GoThreatScope
cd GoThreatScope

Then follow the repository README for any remaining dependency or build steps before continuing.

2. Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal
claude mcp add go-threat-scope -- node "<FULL_PATH_TO_GOTHREATSCOPE>/dist/index.js"

Replace <FULL_PATH_TO_GOTHREATSCOPE> with the absolute path of the folder you cloned and prepared in step 1.

README.md

Go-based SBOM, vulnerability, and secret scanner with MCP support.

GoThreatScope

GoThreatScope is a modular, educational security toolchain written in Go.
It generates a lightweight SBOM, checks dependencies against osv.dev for vulnerabilities and known malicious packages, scans for hardcoded secrets (using Gitleaks when available, or a builtin fallback), and records metrics for each run (using pipedream).

This tool also acts as a Model Context Protocol (MCP) server, allowing IDEs such as Cursor or Visual Studio Code to query its results using natural language.
For example, you can ask:

"Analyze my project and show me which dependencies look risky."

The MCP interface exposes tools and resources so other systems or LLMs can retrieve structured SBOMs, vulnerability reports, and secret findings directly from the local filesystem.

Overview

GoThreatScope performs a high-level security inspection of a project directory and organizes the results for both human and automated analysis.

It combines several capabilities into a single workflow:

  • SBOM generation: creates a simple inventory of project dependencies.
  • Vulnerability and malware detection: checks each dependency against osv.dev to identify known vulnerabilities and malicious packages.
  • Secrets detection: searches for API keys, passwords, and private tokens using Gitleaks or a simple builtin fallback scanner.
  • Metrics collection: stores structured metrics for every run, allowing comparison between scans (configured with pipedream).

Each module works independently or as part of the analyze pipeline.
All results are stored locally under gothreatscope_store/ and reused when no changes are detected.

Architecture

GoThreatScope is organized into clear, modular packages.
Each package handles a specific security function or integration point, making the tool easy to extend or reuse in other projects.

GoThreatScope
│
├── cmd/gothreatscope/         # CLI entrypoint and MCP server mode
│   └── main.go                # CLI commands and MCP wiring
│
├── pkg/
│   ├── sbom/                  # SBOM generation logic
│   ├── vuln/                  # OSV-based vulnerability and malware detection
│   ├── secrets/               # Gitleaks and builtin secret scanner
│   ├── analysis/              # Full pipeline and storage/diff logic
│   ├── metrics/               # Local and remote metrics sender
│   └── mcp/                   # MCP tools and resources implementation
│
└── gothreatscope_store/       # Automatically generated per-project store
    └── <project_id>/
        ├── latest/
        │   ├── sbom.json
        │   ├── vuln.json
        │   ├── secrets.json
        │   ├── metrics.json
        │   └── bundle.json
        └── history/<run_id>/

Each project scanned by GoThreatScope receives its own identifier, derived from the SHA-256 hash of its absolute path. All results are written into that project’s folder under gothreatscope_store/, and new files are only created when differences are detected compared to the previous run.

How It Works

GoThreatScope operates through independent modules that can run individually or together as part of a complete analysis pipeline.

1. Project identification

Every scanned project is assigned a unique identifier derived from the SHA-256 hash of its absolute path.
This ensures consistent tracking across runs without revealing directory names.

2. Persistent storage

Scan results are stored under the gothreatscope_store/ directory, grouped by project ID.
Each module writes its own JSON artifact inside a latest/ folder, and keeps a short history of past results.

gothreatscope_store/
└── a93bf44e3e9c/
    ├── latest/
    │   ├── sbom.json
    │   ├── vuln.json
    │   ├── secrets.json
    │   └── metrics.json
    └── history/20251007T215959Z/

3. Change detection

Before saving, GoThreatScope compares digests (hashes) of the new results with those from the previous run. If there are no changes, the stored files remain untouched, avoiding redundant writes and unnecessary history entries.

4. Metrics and telemetry

Each scan produces a metrics.json file summarizing timing, findings
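The three steps above (hashing the absolute path into a project ID, keeping a latest/ copy plus a history/<run_id>/ copy, and skipping the write when the digest is unchanged) can be shown end to end in a few dozen lines of Go. The following is an added example written for this page; it is not GoThreatScope's own code. The function names, the 12-character truncation of the project ID (chosen to match the directory name in the tree above), the run-ID timestamp format, and the sample path and SBOM are all assumptions made for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"time"
)

// ProjectID derives a stable identifier for a project from the SHA-256 of its
// absolute path, so the store never has to contain the directory name itself.
// Truncating to 12 hex characters is an assumption that matches the README tree.
func ProjectID(absPath string) string {
	sum := sha256.Sum256([]byte(filepath.Clean(absPath)))
	return hex.EncodeToString(sum[:])[:12]
}

// Digest returns the hex SHA-256 of an artifact's bytes; comparing digests is
// how a run decides whether anything actually changed since the previous one.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// SaveIfChanged writes data to <storeRoot>/<projectID>/latest/<artifact> and a
// copy under history/<runID>/<artifact>, but only when the digest differs from
// the stored latest version. It reports whether a write happened.
func SaveIfChanged(storeRoot, projectID, artifact string, data []byte, runID string) (bool, error) {
	projectDir := filepath.Join(storeRoot, projectID)
	latestPath := filepath.Join(projectDir, "latest", artifact)

	// A missing latest file counts as "changed"; any other read error is fatal.
	prev, err := os.ReadFile(latestPath)
	switch {
	case err == nil:
		if Digest(prev) == Digest(data) {
			return false, nil // unchanged: no write, no history entry
		}
	case !errors.Is(err, os.ErrNotExist):
		return false, err
	}

	historyPath := filepath.Join(projectDir, "history", runID, artifact)
	for _, p := range []string{latestPath, historyPath} {
		if err := os.MkdirAll(filepath.Dir(p), 0o755); err != nil {
			return false, err
		}
		if err := os.WriteFile(p, data, 0o644); err != nil {
			return false, err
		}
	}
	return true, nil
}

// NewRunID mirrors the timestamp-style history folder names shown in the README.
func NewRunID(t time.Time) string {
	return t.UTC().Format("20060102T150405Z")
}

func main() {
	root, err := os.MkdirTemp("", "gothreatscope_store")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)

	id := ProjectID("/home/dev/example-project") // constructed sample path

	// Constructed sample artifacts: the second run repeats the first, the third differs.
	runs := [][]byte{
		[]byte(`{"components":[{"name":"example-lib","version":"1.2.3"}]}`),
		[]byte(`{"components":[{"name":"example-lib","version":"1.2.3"}]}`),
		[]byte(`{"components":[{"name":"example-lib","version":"1.2.4"}]}`),
	}
	for i, data := range runs {
		runID := NewRunID(time.Now().Add(time.Duration(i) * time.Second))
		written, err := SaveIfChanged(root, id, "sbom.json", data, runID)
		if err != nil {
			panic(err)
		}
		fmt.Printf("run %d: project %s run_id %s written=%v\n", i+1, id, runID, written)
	}
}
```

Running it shows written=true, then written=false for the identical second scan, then written=true again once the SBOM differs; only the first and third runs leave a history/<run_id>/ folder behind.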

Tools (4)

  • analyze: Performs a full security inspection of a project directory including SBOM generation, vulnerability checks, and secret scanning.
  • get_sbom: Retrieves the generated Software Bill of Materials for a scanned project.
  • get_vulnerabilities: Retrieves identified vulnerabilities and malicious packages for a project.
  • get_secrets: Retrieves findings from the secret scanner for a project.

Configuration

claude_desktop_config.json

{
  "mcpServers": {
    "gothreatscope": {
      "command": "gothreatscope",
      "args": ["mcp"]
    }
  }
}

Try it

Analyze my current project directory and show me which dependencies look risky.
Run a security scan on this project and list any hardcoded secrets found.
Retrieve the latest SBOM for the project located at the current path.
Check the vulnerability report for my project and summarize the most critical issues.

Frequently Asked Questions

What are the key features of GoThreatScope?

  • Generates a lightweight Software Bill of Materials (SBOM) for project dependencies.
  • Identifies vulnerabilities and malicious packages by checking against OSV.dev.
  • Scans for hardcoded secrets like API keys and passwords using Gitleaks or a builtin scanner.
  • Records structured metrics for every scan to allow comparison between runs.
  • Provides an MCP interface for IDEs to query security findings via natural language.

What can I use GoThreatScope for?

  • Developers auditing their local project dependencies for known security vulnerabilities.
  • Security engineers performing automated secret scanning to prevent credential leakage.
  • Teams maintaining a history of project security posture through persistent scan metrics.
  • IDE users needing quick, natural language access to project SBOM and vulnerability data.

How do I install GoThreatScope?

Install GoThreatScope by running: go install github.com/anotherik/GoThreatScope/cmd/gothreatscope@latest

What MCP clients work with GoThreatScope?

GoThreatScope works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.
