
Quick Start

Get up and running with MCP-Scan in 5 minutes.

Prerequisites

  • Go 1.24+ (for building from source)
  • Or download a pre-built binary from the project's releases page

Installation

# Using Go
go install github.com/mcphub/mcp-scan/cmd/mcp-scan@latest

# Or build from source
git clone https://github.com/mcphub/mcp-scan
cd mcp-scan
make build

Your First Scan

1. Basic Scan

Scan your MCP server project:

mcp-scan scan ./my-mcp-server

This runs a fast mode scan and outputs JSON to stdout.

2. Understanding the Output

{
  "findings": [
    {
      "rule_id": "MCP-A003",
      "severity": "critical",
      "confidence": "high",
      "location": {
        "file": "src/tools/execute.py",
        "start_line": 42
      },
      "description": "Direct shell command execution detected",
      "remediation": "Use subprocess with shell=False"
    }
  ],
  "summary": {
    "total": 3,
    "by_severity": {
      "critical": 1,
      "high": 2
    }
  },
  "msss_score": {
    "total": 65.5,
    "level": 1,
    "compliant": true
  }
}
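To make the single finding above concrete, here is the pattern rule MCP-A003 ("Direct shell command execution detected") reports, next to the remediation it names ("Use subprocess with shell=False"). This is an added example written for this page; it is not MCP-Scan's code and not code from any scanned project. The tool function names and the use of `echo` as the wrapped command are invented for illustration, and the option-injection check is an extra safeguard beyond what the finding itself says.

```python
"""Rule MCP-A003 in practice: shell=True vs. an argv list with shell=False.

Added example, not code from MCP-Scan or from a scanned project. The
function names and the wrapped command (`echo`) are invented so the
example runs harmlessly offline.
"""
import subprocess


def run_tool_vulnerable(user_arg: str) -> str:
    """The pattern A003 reports: MCP tool input spliced into a shell command line.

    With shell=True the string is handed to /bin/sh, so ';', '&&', '|' and
    '$(...)' inside the tool argument are parsed as shell syntax, not data.
    """
    result = subprocess.run(f"echo {user_arg}", shell=True,
                            capture_output=True, text=True, check=True)
    return result.stdout


def run_tool_hardened(user_arg: str) -> str:
    """The remediation from the finding: an argv list with shell=False.

    The argument reaches execve as one literal string; no shell ever parses
    it. Argv separation does not stop option injection, though, so an
    argument that looks like a flag is rejected as well (an added check,
    not something the finding text mandates).
    """
    if user_arg.startswith("-"):
        raise ValueError("argument must not look like a command-line option")
    result = subprocess.run(["echo", user_arg], shell=False,
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    payload = "hello; echo INJECTED"  # constructed tool input
    print("vulnerable ->", repr(run_tool_vulnerable(payload)))  # second command runs
    print("hardened   ->", repr(run_tool_hardened(payload)))    # one literal argument
```

Run it on a POSIX host: the vulnerable variant prints two lines because the `;` was interpreted by the shell, the hardened variant prints the payload verbatim as a single argument.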

3. Deep Analysis

For more thorough analysis including cross-function taint tracking:

mcp-scan scan ./my-mcp-server --mode deep

Deep Mode

Deep mode enables inter-procedural taint analysis and additional rules for prompt injection, privilege escalation, and cross-tool vulnerabilities.

4. SARIF Output for CI/CD

Generate SARIF output for GitHub Code Scanning:

mcp-scan scan . --output sarif > results.sarif

5. Fail on Severity

Make your CI pipeline fail on high severity findings:

mcp-scan scan . --fail-on high
# Exit code 1 if any high or critical findings

Common Workflows

Development Workflow

# Quick check during development
mcp-scan scan . --mode fast

# Initialize configuration
mcp-scan init
# Edit .mcp-scan.yaml to customize rules

CI/CD Workflow

# Run scan with baseline (ignore accepted findings)
mcp-scan scan . --baseline .mcp-scan-baseline.json --fail-on high
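The three steps a CI job performs around the scanner (read the JSON from "Understanding the Output", drop findings accepted in a baseline, then apply the `--fail-on` threshold from "Fail on Severity") are easy to get wrong when scripted by hand, so here they are as one worked example. This is added code for this page, not part of MCP-Scan. It assumes the JSON shape shown above; the baseline format is an assumption (a JSON list of fingerprint strings), not necessarily what `.mcp-scan-baseline.json` actually contains, and the rule ids MCP-B001 and MCP-F002 in the sample are hypothetical.

```python
"""CI gate over mcp-scan JSON: filter baselined findings, then fail on severity.

Added example, not part of MCP-Scan. Consumes the report shape shown in
"Understanding the Output". ASSUMPTION: the baseline is a JSON list of
fingerprint strings (the real .mcp-scan-baseline.json format may differ).
"""
import hashlib
import json

# Severity order for --fail-on style thresholds (level names assumed).
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def fingerprint(finding: dict) -> str:
    """Stable identity for a finding across re-scans.

    rule_id + file + description is hashed instead of the line number, so an
    accepted finding stays accepted when unrelated edits shift lines. The
    trade-off: two identical findings in one file collapse to one fingerprint.
    """
    loc = finding.get("location", {})
    key = "|".join([finding["rule_id"], loc.get("file", ""),
                    finding.get("description", "")])
    return hashlib.sha256(key.encode("utf-8")).hexdigest()[:16]


def apply_baseline(findings: list, baseline: list) -> list:
    """Keep only findings whose fingerprint is not in the accepted baseline."""
    accepted = set(baseline)
    return [f for f in findings if fingerprint(f) not in accepted]


def exit_code(findings: list, fail_on: str = "high") -> int:
    """1 if any finding is at or above fail_on, else 0. Fails closed on unknown severities."""
    threshold = SEVERITY_RANK[fail_on.lower()]
    for f in findings:
        sev = f.get("severity", "").lower()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {sev!r} in {f.get('rule_id')}")
        if SEVERITY_RANK[sev] >= threshold:
            return 1
    return 0


def gate(report_json: str, baseline_json: str, fail_on: str = "high") -> int:
    """Whole pipeline step: parse report and baseline, filter, return the exit code."""
    report = json.loads(report_json)
    baseline = json.loads(baseline_json)
    return exit_code(apply_baseline(report["findings"], baseline), fail_on)


# Constructed sample report: the A003 finding from the page plus two invented
# findings (rule ids MCP-B001 and MCP-F002 are hypothetical) to reach total=3.
SAMPLE_FINDINGS = [
    {"rule_id": "MCP-A003", "severity": "critical", "confidence": "high",
     "location": {"file": "src/tools/execute.py", "start_line": 42},
     "description": "Direct shell command execution detected",
     "remediation": "Use subprocess with shell=False"},
    {"rule_id": "MCP-B001", "severity": "high", "confidence": "medium",
     "location": {"file": "src/tools/read_file.py", "start_line": 17},
     "description": "Path traversal: user input joined into file path"},
    {"rule_id": "MCP-F002", "severity": "high", "confidence": "high",
     "location": {"file": "src/server.py", "start_line": 8},
     "description": "Tool registered without authentication check"},
]
SAMPLE_REPORT_JSON = json.dumps({
    "findings": SAMPLE_FINDINGS,
    "summary": {"total": 3, "by_severity": {"critical": 1, "high": 2}},
})

# Constructed baseline: the team has accepted the path-traversal finding only.
SAMPLE_BASELINE = [fingerprint(SAMPLE_FINDINGS[1])]
SAMPLE_BASELINE_JSON = json.dumps(SAMPLE_BASELINE)

if __name__ == "__main__":
    remaining = apply_baseline(SAMPLE_FINDINGS, SAMPLE_BASELINE)
    print(f"{len(remaining)} findings after baseline; "
          f"exit code {exit_code(remaining, 'high')}")
```

In a real pipeline you would feed `gate()` the stdout of `mcp-scan scan .` and the contents of the baseline file and pass its return value to `sys.exit()`; the unknown-severity check is there so a schema change fails the build instead of silently passing it.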

Security Audit Workflow

# Generate comprehensive evidence
mcp-scan scan . --mode deep --output evidence

# View MCP surface
mcp-scan surface .

What's Detected?

MCP-Scan detects 14 classes of vulnerabilities:

Fast Mode                 Deep Mode Only
A: RCE                    H: Prompt Injection Flow
B: Path Traversal         I: Privilege Escalation
C: SSRF                   J: Cross-Tool Data Leakage
D: SQL Injection          K: Auth Bypass
E: Secrets Exposure
F: Auth Issues
G: Tool Poisoning
L: Lifecycle Issues
M: Hidden Network
N: Supply Chain

Next Steps