mcp-osv (gleicon)
MCP server for code security reviews using OSV.dev supply-chain data plus Gitleaks secret detection.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for mcp-osv (gleicon), derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework. They are an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.
Overview
mcp-osv is an MCP server that enables code security reviews by querying the OSV.dev Open Source Vulnerabilities database and integrating Gitleaks v8 with 100+ built-in rules for credential and API-key detection. It communicates with the MCP client over stdin/stdout. The combination of remote supply-chain vulnerability lookups (outbound queries to OSV.dev) and local secret scanning (reading source files on disk) defines its data and source-reading surface.
Key features
- OSV.dev supply-chain vulnerability lookups
- Gitleaks secret detection (100+ rules)
- stdio MCP transport
Use cases
- Review dependencies for known vulnerabilities
- Scan a repo for leaked credentials