MCP Code Analyzer

MCP orchestrator for code security, quality, and architecture analysis. This tool coordinates multiple MCP servers to provide comprehensive code analysis.

Features

• Security Analysis: Vulnerability scanning via Semgrep, Trivy
• Code Quality: Linting via ESLint, SonarQube
• Dependency Analysis: Vulnerability scanning via Snyk, npm audit
• Architecture Analysis: Complexity metrics, dead code detection
• Knowledge Graph: Semantic code analysis, impact analysis
• Scoring System: 0-100 scores with A-F grades
• Historical Trends: Track improvements over time

Architecture

┌─────────────────────────────────────────────────────────────────────┐
│                      Interfaces                                     │
├─────────────┬─────────────────────┬─────────────────────────────────┤
│   CLI       │    REST API         │    MCP Server (for Claude)      │
└─────────────┴─────────────────────┴─────────────────────────────────┘
                              │
                    ┌─────────▼─────────┐
                    │  MCP ORCHESTRATOR │
                    │  - Client Manager │
                    │  - Job Scheduler  │
                    │  - Retry Logic    │
                    │  - Normalizer     │
                    │  - Score Engine   │
                    └─────────┬─────────┘
                              │
        ┌─────────────────────┼─────────────────────┐
        │                     │                     │
   ┌────▼────┐          ┌─────▼─────┐         ┌────▼────┐
   │ Semgrep │          │  ESLint   │         │  Snyk   │
   │  Trivy  │          │ SonarQube │         │npm audit│
   └─────────┘          └───────────┘         └─────────┘

Installation

npm install -g mcp-code-analyzer

Or run directly with npx:

npx mcp-code-analyzer analyze ./my-project

Usage

CLI

# Analyze a local project
mcp-analyze analyze ./my-project

# Analyze a GitHub repository
mcp-analyze analyze https://github.com/user/repo

# Specify scanners
mcp-analyze analyze ./my-project --scanners security,quality

# Generate report
mcp-analyze report <analysis-id> --format md

# View history
mcp-analyze history ./my-project

# Compare analyses
mcp-analyze compare <id1> <id2>

# Start REST API
mcp-analyze serve --port 3000

# Start MCP server (for Claude)
mcp-analyze mcp

MCP Integration (Claude Desktop)

Add to your Claude Desktop config:

{
  "mcpServers": {
    "code-analyzer": {
      "command": "npx",
      "args": ["-y", "mcp-code-analyzer", "mcp"]
    }
  }
}

MCP Integration (Claude Code)

Claude Code supports MCP servers at two scopes:

Project-level (single project)

Create a .mcp.json file in your project root:

{
  "mcpServers": {
    "mcp-security": {
      "command": "node",
      "args": ["/path/to/mcp_security/dist/cli/index.js", "mcp"],
      "cwd": "/path/to/mcp_security"
    }
  }
}

This makes the MCP server available only when working in that specific project.

User-level (all projects)

Add to your ~/.claude.json file:

{
  "mcpServers": {
    "mcp-security": {
      "command": "node",
      "args": ["/path/to/mcp_security/dist/cli/index.js", "mcp"],
      "cwd": "/path/to/mcp_security"
    }
  }
}

This makes the MCP server available globally across all your projects.

After configuration

1. Restart VSCode (or start a new Claude Code conversation)
2. The MCP tools will be available as mcp__mcp-security__<tool_name>

MCP Tools

Scoring

Each category is scored 0-100:

Grades: A (90-100), B (80-89), C (70-79), D (60-69), F (<60)

Configuration

Create .mcp-analyzer.json in your project root:

{
  "servers": {
    "semgrep": { "enabled": true },
    "eslint": { "enabled": true },
    "snyk": { "enabled": false }
  },
  "scoring": {
    "weights": {
      "security": 0.4,
      "quality": 0.3,
      "dependencies": 0.2,
      "architecture": 0.1
    }
  }
}

Development

# Install dependencies
npm install

# Build
npm run build

# Run in development
npm run dev

# Run tests
npm test

# Type check
npm run typecheck

License

MIT