Skip to content

Add mcp-safety-scanner CI (baseline) #3295

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
TheodorNEngoy wants to merge 11 commits into
base: main
Choose a base branch
from
Open

Add mcp-safety-scanner CI (baseline) #3295

TheodorNEngoy wants to merge 11 commits into from
+89 −0

Conversation

@TheodorNEngoy
Copy link

@TheodorNEngoy TheodorNEngoy commented Feb 6, 2026

Adds a lightweight MCP/tool-server safety scan in CI using TheodorNEngoy/mcp-safety-scanner@v0.

  • Scans src for common footguns (CORS allow-all/reflect, eval/exec, etc.)
  • Uses a committed baseline (.mcp-safety-baseline.json) to avoid noisy legacy findings
  • CI fails only on high+ severity (medium/low show as annotations)

Refresh baseline (no Node required):
docker run --rm -v "/tmp/mcp-servers.2eGvhp:/repo" ghcr.io/theodornengoy/mcp-safety-scanner:v0 /repo/src --write-baseline /repo/.mcp-safety-baseline.json --fail-on=none

@TheodorNEngoy
Copy link
Author

TheodorNEngoy commented Feb 6, 2026

FYI: This adds an MCP security scan workflow using TheodorNEngoy/mcp-safety-scanner@v0 (no secrets). It runs against src/ with a checked-in baseline to avoid legacy noise, and fails CI only on new high-severity findings.\n\nHappy to adjust the baseline scope or pin to a specific tag if you prefer.

@TheodorNEngoy
Copy link
Author

TheodorNEngoy commented Feb 7, 2026

Update: I pinned the workflow to an immutable commit SHA for supply-chain safety (commented with the corresponding version), and set for a read-only token.

@TheodorNEngoy
Copy link
Author

TheodorNEngoy commented Feb 7, 2026

(clarification) Also set GitHub Actions workflow permissions to contents: read (read-only GITHUB_TOKEN).

@TheodorNEngoy
Copy link
Author

TheodorNEngoy commented Feb 8, 2026

FYI: I also opened #3303 to remove the current high-severity findings in the baseline (wildcard CORS in the Everything server HTTP transports). If/when that lands, we can regenerate the baseline to drop those entries (and likely keep only the remaining medium ones).

@TheodorNEngoy TheodorNEngoy mentioned this pull request Feb 8, 2026
Open
@TheodorNEngoy
Copy link
Author

TheodorNEngoy commented Feb 8, 2026

Update: bumped scanner pin to v0.4.9 (false-positive reductions) and regenerated .mcp-safety-baseline.json using baseline v2 fingerprints (includes line/column) to avoid over-suppressing future findings.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@TheodorNEngoy