Sentinel MCP Server
Sentinel is an enterprise-grade security server that integrates tools like Semgrep, Trivy, and Gitleaks via Docker to perform automated vulnerability scanning and compliance checks. It enables users to conduct static analysis, secret detection, and AI-powered threat modeling directly through Model Context Protocol-compatible IDEs.
README
Sentinel MCP Server
Sentinel is a robust, enterprise-grade Security MCP (Model Context Protocol) Server designed for reliability, compliance, and easy integration with IDEs like VS Code and Antigravity.
π‘οΈ Features
- Robust Execution: Automatic retries for Docker commands, graceful timeout handling, and custom error reporting.
- Compliance Ready: Built-in support for CIS Benchmark scanning via Trivy.
- Structured Logging: All logs are output in JSON format for easy parsing and monitoring.
- Dockerized Tools: Runs all security tools in isolated Docker containersβno local tool installation required.
π§° Included Tools
| Tool | Function | Docker Image |
|---|---|---|
| Semgrep | SAST (Static Analysis) | returntocorp/semgrep (Rules: OWASP Top 10, CWE Top 25, Security Audit) |
| Trivy | SCA & Compliance | aquasec/trivy |
| Grype | SCA (Vulnerability Scanning) | anchore/grype |
| Gitleaks | Secret Scanning | zricethezav/gitleaks |
| OWASP ZAP | DAST (Web Scanning) | owasp/zap2docker-stable |
| ClamAV | Malware Scanning | clamav/clamav |
| Schemathesis | API Fuzzing | schemathesis/schemathesis:stable |
| EOL Scanner | Runtime/Framework EOL Checks | Built-in (endoflife.date API) |
| Crypto Scanner | SSL/TLS Compliance | drwetter/testssl.sh |
| AI Threat Modeler | STRIDE Analysis | Built-in (LLM Powered + Code Context + Mermaid DFD) |
π Getting Started
Prerequisites
- Docker: Must be installed and running.
- Python: Version 3.13 or higher.
Installation
-
Clone the repository (if applicable) or navigate to the project directory:
cd sentinel-mcp-server -
Create a virtual environment:
python3 -m venv .venv source .venv/bin/activate -
Install dependencies:
pip install .
Running the Server
To start the MCP server manually (for testing):
mcp run python src/sentinel/server.py
Manual Scanning (CLI)
You can also scan any project directory directly from the terminal using the included utility script:
# Scan a specific project directory
python3 scan_project.py /path/to/your/project
# Run only specific scans (e.g., secrets)
python3 scan_project.py /path/to/your/project --type secrets
π» IDE Configuration
VS Code
To use Sentinel with the MCP Servers extension in VS Code, add the following to your MCP settings file (typically ~/Library/Application Support/Code/User/globalStorage/mcp-servers.json):
{
"mcpServers": {
"sentinel": {
"command": "/Users/pranjalsharma/Documents/SourceCode/appsec/sentinel-mcp-server/.venv/bin/python3",
"args": [
"/Users/pranjalsharma/Documents/SourceCode/appsec/sentinel-mcp-server/src/sentinel/server.py"
],
"env": {
"SENTINEL_LOG_LEVEL": "INFO"
}
}
}
}
Replace /ABSOLUTE/PATH/TO/... with the actual full path to your project directory.
βοΈ Configuration
You can configure Sentinel using environment variables:
| Variable | Description | Default |
|---|---|---|
SENTINEL_LOG_LEVEL |
Logging level (DEBUG, INFO, WARN, ERROR) | INFO |
SENTINEL_DOCKER_TIMEOUT |
Timeout for Docker commands in seconds | 600 |
SENTINEL_SEMGREP_IMAGE |
Custom Docker image for Semgrep | returntocorp/semgrep |
SENTINEL_TRIVY_IMAGE |
Custom Docker image for Trivy | aquasec/trivy |
SENTINEL_GRYPE_IMAGE |
Custom Docker image for Grype | anchore/grype |
SENTINEL_TESTSSL_IMAGE |
Custom Docker image for testssl.sh | drwetter/testssl.sh |
SENTINEL_SCHEMATHESIS_IMAGE |
Custom Docker image for Schemathesis | schemathesis/schemathesis:stable |
SENTINEL_LLM_API_KEY |
API Key for AI Threat Modeling (e.g., OpenAI) | None (Falls back to heuristic) |
SENTINEL_LLM_MODEL |
LLM Model to use | gpt-4o |
ποΈ Project Structure
src/sentinel/
βββ core/ # Core logic (logging, exceptions, config)
βββ services/ # Business logic (scanners, compliance)
βββ tools/ # Tool execution (Docker runner)
βββ server.py # Main MCP entry point
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.