---
title: Security Mcp Tools
emoji: 🛡️
colorFrom: gray
colorTo: pink
sdk: gradio
sdk_version: 5.33.1
app_file: app.py
pinned: false
license: mit
tags:
- mcp-server-track
- bandit
- security-scanner
- code-analysis
- modal
short_description: on-demand security analysis for Python code
---

## Bandit Security Scanner (via Modal MCP)

This Gradio application provides an interface to scan Python code for common security vulnerabilities using **Bandit**. The analysis is performed by a Bandit tool running on a [Modal Labs](https://modal.com) Multi-Compute-Platform (MCP) server.

### How to Use

1. **Input Parameters**:
    * The input field expects a JSON object.
    * This JSON object **must** contain a key named `"code"` whose value is the Python code string you want to analyze.
    * An example is pre-filled for convenience:

        ```json
        {
          "code": "import subprocess\n\n# Example of a potential security risk with subprocess\nsubprocess.call(\"ls -l\", shell=True)"
        }
        ```

2. **Submit**: Click the "Submit" button.

3. **Output**:
    * The application will send the code to the Bandit tool on the Modal MCP server.
    * The results of the Bandit analysis will be displayed as a JSON object in the output field. This JSON will typically include:
        * `tool`: "bandit"
        * `issues`: A list of security issues found, with details like issue text, severity, confidence, line number, and test ID.
        * `files_analyzed`: Number of files analyzed (usually 1 for the provided code snippet).
        * Any errors encountered during the process or stderr output from Bandit.

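
The steps above, as an added example that is not part of this Space's own code: it builds the input JSON from Python source without hand-escaping, then triages the output so that a failed scan is not read as a clean one. The helper names `build_input` and `triage` are hypothetical, the sample result is constructed, and the per-issue field names (`issue_severity`, `issue_confidence`, `line_number`, `test_id`, `issue_text`) are assumed to match Bandit's own JSON report.

```python
import json

# Bandit's severity labels, lowest to highest.
SEVERITY_ORDER = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


def build_input(source: str) -> str:
    """Return the JSON text for the input field; json.dumps does the escaping."""
    if not source.strip():
        raise ValueError("no Python source to scan")
    return json.dumps({"code": source})


def _rank(issue: dict) -> int:
    # An unrecognised severity label is ranked HIGH so it is never filtered out.
    return SEVERITY_ORDER.get(str(issue.get("issue_severity", "")).upper(), 2)


def triage(result_text: str, min_severity: str = "MEDIUM") -> list:
    """Return issues at or above min_severity, most severe first.

    Raises RuntimeError when the output is not a Bandit report, so that a
    failed scan (error or stderr only) is not mistaken for clean code.
    """
    result = json.loads(result_text)
    if (not isinstance(result, dict) or result.get("tool") != "bandit"
            or not isinstance(result.get("issues"), list)):
        raise RuntimeError("scan did not complete: " + result_text[:200])
    floor = SEVERITY_ORDER[min_severity.upper()]
    kept = [i for i in result["issues"] if _rank(i) >= floor]
    return sorted(kept, key=lambda i: (-_rank(i), i.get("line_number", 0)))


# Constructed sample output, not captured from a real scan. Field names inside
# each issue are assumed to match Bandit's own JSON report.
SAMPLE_RESULT = json.dumps({
    "tool": "bandit",
    "files_analyzed": 1,
    "issues": [
        {"test_id": "B404", "issue_severity": "LOW", "issue_confidence": "HIGH",
         "line_number": 1, "issue_text": "constructed: subprocess import"},
        {"test_id": "B602", "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "line_number": 4, "issue_text": "constructed: shell=True call"},
    ],
})

if __name__ == "__main__":
    print(build_input('import subprocess\nsubprocess.call("ls -l", shell=True)\n'))
    for issue in triage(SAMPLE_RESULT, "LOW"):
        print(issue["issue_severity"], issue["test_id"], "line", issue["line_number"])
```
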

### Configuration

For this application to function correctly, the `MODAL_MCP_ENDPOINT` environment variable must be set. This variable should point to your deployed Modal function that handles MCP tool execution (e.g., the `/execute_tool` endpoint).

* Create a `.env` file in the `mcp_deploy` directory (or the root of your Space if deploying to Hugging Face Spaces and it's not automatically picked up from this directory).
* Add the following line to the `.env` file, replacing the placeholder with your actual Modal endpoint URL:

    ```
    MODAL_MCP_ENDPOINT="https://your-username--mcp-server-app-execute-tool.modal.run"
    ```

If the `MODAL_MCP_ENDPOINT` is not set or is incorrect, the application will display an error message upon submission.

### Note

This application is specifically configured to use the "bandit" tool on the MCP server.

### Future work

Add more security tools and expose them through this MCP server.