Trust MCP Server v2.1 (Available)

Security scanning for AI-native development. Scan websites, GitHub repos, and code snippets directly from Claude Desktop, Claude Code, Cursor, or any MCP-compatible tool.

No Installation Required

HTTP transport - just add the URL to your config. 9 tools + 3 resources available instantly.

Add to Your Environment

~/Library/Application Support/Claude/claude_desktop_config.json (Windows: %APPDATA%\Claude\claude_desktop_config.json)
{
  "mcpServers": {
    "trust-security": {
      "type": "http",
      "url": "https://trust-mcp-knnd76vaqq-du.a.run.app/mcp"
    }
  }
}
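
An added example, not part of Trust's documentation: a small audit of the config format shown above that reports which `mcpServers` entries are remote (tool calls to an HTTP-transport server are sent to its URL) and flags non-HTTPS URLs, credentials embedded in the URL, and hosts outside an approved set. The `internal-notes` and `local-files` entries, the `audit_mcp_config` function and the approved-host set are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the page's entry plus two hypothetical ones for contrast.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "trust-security": {
      "type": "http",
      "url": "https://trust-mcp-knnd76vaqq-du.a.run.app/mcp"
    },
    "internal-notes": {
      "type": "http",
      "url": "http://mcp.example.internal/mcp"
    },
    "local-files": {
      "command": "example-mcp-server",
      "args": ["--root", "/tmp/demo"]
    }
  }
}
"""

def audit_mcp_config(config_text, approved_hosts):
    """Return one finding dict per mcpServers entry, sorted by entry name."""
    servers = json.loads(config_text).get("mcpServers", {})
    findings = []
    for name, entry in sorted(servers.items()):
        url = entry.get("url")
        if url is None:
            # No URL: launched as a local process, out of scope for the URL checks.
            findings.append({"name": name, "remote": False, "host": None, "issues": []})
            continue
        parts = urlsplit(url)
        issues = []
        if parts.scheme != "https":
            issues.append("not-https")            # traffic to the server is not encrypted
        if parts.username or parts.password:
            issues.append("credentials-in-url")   # secret stored in a plain config file
        if parts.hostname not in approved_hosts:
            issues.append("host-not-approved")    # endpoint nobody has reviewed
        findings.append({"name": name, "remote": True, "host": parts.hostname, "issues": issues})
    return findings

if __name__ == "__main__":
    approved = {"trust-mcp-knnd76vaqq-du.a.run.app"}  # assumption: your own reviewed list
    for finding in audit_mcp_config(SAMPLE_CONFIG, approved):
        print(finding)
```
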

Available Tools & Resources (9 tools + 3 resources)

URL Scanning

scan_and_wait

Recommended

Scan a website and return results with AI analysis

"Scan https://my-app.com for vulnerabilities"

scan_url

Start a URL scan (non-blocking, returns scan ID)

"Start scanning https://my-app.com"

get_scan_result

Get results of a URL scan by scan ID

"Get results for scan abc-123"

Repo Scanning

scan_repo_and_wait

Recommended

Scan a GitHub repo for secrets, code issues, and vulnerable dependencies

"Scan github.com/owner/repo for security issues"

scan_repo

Start a repo scan (non-blocking, returns scan ID)

"Start scanning owner/repo"

get_repo_scan_result

Get results of a repo scan by scan ID

"Get repo scan results for abc-123"

Code Analysis

analyze_code_security

Analyze code for vulnerabilities and exposed secrets (37+ patterns)

"Is this code vulnerable to SQL injection?"

check_secrets

Scan code for exposed API keys, tokens, and credentials (20+ patterns)

"Check this config for exposed secrets"

Fix Planning

get_fix_plan

Get a structured fix plan with before/after code for scan vulnerabilities

"Get fix plan for scan abc-123"

Resources (Context)

trust://scans/latest

New

Read your most recent scan result — score, grade, vulnerability count

Auto-loaded as context by AI agents

trust://scans/history

New

Last 10 scan results with targets, scores, and dates

Auto-loaded as context by AI agents

trust://security/posture

New

Aggregated security posture — avg score, trend, grade distribution

Auto-loaded as context by AI agents

How to Use

Scan a live website

"Scan https://my-app.com for security vulnerabilities"

Trust sends 5,000+ real HTTP requests to detect live vulnerabilities (SQLi, XSS, misconfigurations). Returns a score, grade, and AI-analyzed fix suggestions.

Scan a GitHub repo

"Check owner/repo for exposed secrets and vulnerable dependencies"

Clones the repo and runs SAST + secret detection + SCA across every file. Finds API keys, hardcoded passwords, and known CVEs in packages.

Analyze code inline

"Is this code safe?" (paste or select your code)

Runs 37 detection patterns locally — no code leaves your machine. Catches SQL injection, eval(), exposed secrets, weak crypto, and more.

Get a fix plan

"Give me a fix plan for scan abc-123, critical and high only"

Returns structured before/after code diffs and step-by-step fix instructions for each vulnerability. Ready to apply directly in your IDE.

Auto-context with Resources

New

MCP Resources are automatically available as context to AI agents. Your agent can read your latest scan result, full history, and security posture without any action from you.

trust://scans/latest — Latest scan score, grade, and vulnerability count
trust://scans/history — Last 10 scans with targets and scores
trust://security/posture — Avg score, trend direction, grade distribution