agentsec-cli 1.0.0__tar.gz → 1.0.1__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- agentsec_cli-1.0.1/PKG-INFO +137 -0
- agentsec_cli-1.0.1/README.md +109 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/__init__.py +1 -1
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/sarif.py +1 -1
- agentsec_cli-1.0.1/agentsec_cli.egg-info/PKG-INFO +137 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/pyproject.toml +1 -1
- agentsec_cli-1.0.0/PKG-INFO +0 -399
- agentsec_cli-1.0.0/README.md +0 -371
- agentsec_cli-1.0.0/agentsec_cli.egg-info/PKG-INFO +0 -399
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/CHANGELOG.md +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/CODE_OF_CONDUCT.md +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/CONTRIBUTING.md +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/LICENSE +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/MANIFEST.in +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/SECURITY.md +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/baseline.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/cli.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/owasp.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/parsers/__init__.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/parsers/core.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/parsers/json_parser.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/parsers/toml_parser.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/parsers/yaml_parser.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/report.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/rules/__init__.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/rules/additional.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/rules/base.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/scanner.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/utils/__init__.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec/utils/toml_compat.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec_cli.egg-info/SOURCES.txt +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec_cli.egg-info/dependency_links.txt +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec_cli.egg-info/entry_points.txt +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec_cli.egg-info/requires.txt +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/agentsec_cli.egg-info/top_level.txt +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/setup.cfg +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/tests/test_baseline.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/tests/test_compat.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/tests/test_owasp.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.1}/tests/test_scanner.py +0 -0
|
@@ -0,0 +1,137 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: agentsec-cli
|
|
3
|
+
Version: 1.0.1
|
|
4
|
+
Summary: Static security scanner for AI coding agents and MCP configurations
|
|
5
|
+
Author: locface
|
|
6
|
+
License-Expression: MIT
|
|
7
|
+
Project-URL: homepage, https://locface.github.io/AgentSec/
|
|
8
|
+
Project-URL: repository, https://github.com/locface/AgentSec
|
|
9
|
+
Project-URL: documentation, https://locface.github.io/AgentSec/docs/
|
|
10
|
+
Project-URL: changelog, https://github.com/locface/AgentSec/blob/main/CHANGELOG.md
|
|
11
|
+
Classifier: Development Status :: 5 - Production/Stable
|
|
12
|
+
Classifier: Intended Audience :: Developers
|
|
13
|
+
Classifier: Programming Language :: Python :: 3
|
|
14
|
+
Classifier: Programming Language :: Python :: 3.10
|
|
15
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
16
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
17
|
+
Classifier: Programming Language :: Python :: 3.13
|
|
18
|
+
Requires-Python: >=3.10
|
|
19
|
+
Description-Content-Type: text/markdown
|
|
20
|
+
License-File: LICENSE
|
|
21
|
+
Requires-Dist: click<9,>=8.0.0
|
|
22
|
+
Requires-Dist: pyyaml<7,>=6.0
|
|
23
|
+
Requires-Dist: toml<1,>=0.10.2
|
|
24
|
+
Requires-Dist: tomli<3,>=2.0.1; python_version < "3.11"
|
|
25
|
+
Provides-Extra: dev
|
|
26
|
+
Requires-Dist: pytest>=7.0.0; extra == "dev"
|
|
27
|
+
Dynamic: license-file
|
|
28
|
+
|
|
29
|
+
<picture>
|
|
30
|
+
<source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-dark.svg">
|
|
31
|
+
<img alt="AgentSec" src="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-light.svg">
|
|
32
|
+
</picture>
|
|
33
|
+
|
|
34
|
+
# AgentSec
|
|
35
|
+
|
|
36
|
+
**Static security scanner for AI coding agents and MCP configurations.**
|
|
37
|
+
|
|
38
|
+
[](https://pypi.org/project/agentsec-cli/)
|
|
39
|
+
[](https://pypi.org/project/agentsec-cli/)
|
|
40
|
+
[](LICENSE)
|
|
41
|
+
[](https://github.com/locface/AgentSec/actions)
|
|
42
|
+
|
|
43
|
+
AI coding agents have access to your shell, filesystem, network, and secrets. Most agent configurations are never audited for security risks. AgentSec inspects MCP server manifests, Claude Desktop configs, Cursor rules, and agent instruction files for dangerous permissions, prompt injection risks, and secret exposure — with no LLM dependencies and no data leaving your machine.
|
|
44
|
+
|
|
45
|
+
All findings map to [OWASP Top 10 for LLM Applications](https://genai.owasp.org/) (LLM01–LLM10) and the [OWASP Agentic Security Top 10](https://owasp.org/) (AG01–AG10).
|
|
46
|
+
|
|
47
|
+
## Features
|
|
48
|
+
|
|
49
|
+
- 41 security rules covering shell execution, filesystem access, network exfiltration, OAuth scopes, prompt injection, container escape, and credential exposure
|
|
50
|
+
- OWASP LLM + Agentic mapping on every finding
|
|
51
|
+
- 4 output formats: terminal, JSON, Markdown, SARIF v2.1.0
|
|
52
|
+
- CI/CD gating with `--fail-on` (exit code 1 at severity threshold)
|
|
53
|
+
- Baseline comparison for regression tracking
|
|
54
|
+
- Automatic detection of JSON, YAML, TOML, and Markdown configs
|
|
55
|
+
- Zero runtime dependencies beyond the Python standard library
|
|
56
|
+
|
|
57
|
+
## Installation
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
pip install agentsec-cli
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
Requires Python 3.10 or later.
|
|
64
|
+
|
|
65
|
+
## Quick Start
|
|
66
|
+
|
|
67
|
+
```bash
|
|
68
|
+
# Scan a project
|
|
69
|
+
agentsec scan /path/to/project
|
|
70
|
+
|
|
71
|
+
# Generate SARIF for CI/CD
|
|
72
|
+
agentsec scan . --format sarif > results.sarif
|
|
73
|
+
|
|
74
|
+
# Gate CI on critical findings
|
|
75
|
+
agentsec scan . --fail-on critical
|
|
76
|
+
|
|
77
|
+
# Baseline comparison
|
|
78
|
+
agentsec scan . --update-baseline baseline.json
|
|
79
|
+
agentsec scan . --baseline baseline.json
|
|
80
|
+
|
|
81
|
+
# OWASP mapping
|
|
82
|
+
agentsec scan . --show-owasp
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
Example output:
|
|
86
|
+
|
|
87
|
+
```text
|
|
88
|
+
Scanning /home/user/dev/mcp-project...
|
|
89
|
+
|
|
90
|
+
[CRITICAL] MCP shell execution
|
|
91
|
+
File: claude_desktop_config.json
|
|
92
|
+
Server: shell-server
|
|
93
|
+
Description: MCP server can execute shell commands
|
|
94
|
+
Recommendation: Require explicit approval or remove shell access.
|
|
95
|
+
|
|
96
|
+
[CRITICAL] MCP filesystem write access
|
|
97
|
+
File: claude_desktop_config.json
|
|
98
|
+
Server: filesystem
|
|
99
|
+
Description: MCP server has filesystem write access
|
|
100
|
+
Recommendation: Restrict filesystem access to read-only or specific directories.
|
|
101
|
+
|
|
102
|
+
Total findings: 4 · Critical: 3 · High: 0 · Medium: 1 · Low: 0
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
### Output Formats
|
|
106
|
+
|
|
107
|
+
- **terminal** (default) — human-readable with severity coloring
|
|
108
|
+
- **json** — machine-parseable JSON array of findings
|
|
109
|
+
- **markdown** — formatted report suitable for commit comments
|
|
110
|
+
- **sarif** — SARIF v2.1.0, compatible with GitHub CodeQL
|
|
111
|
+
|
|
112
|
+
### Supported Config Files
|
|
113
|
+
|
|
114
|
+
AgentSec automatically detects and scans these file types:
|
|
115
|
+
|
|
116
|
+
- MCP servers: `mcp.json`, `mcp.yaml`, `mcp.toml`
|
|
117
|
+
- Claude Desktop: `claude_desktop_config.json`
|
|
118
|
+
- Cursor: `.cursorrules`, `.cursor/rules/*`
|
|
119
|
+
- Codex / Cline: `codex.toml`, `.clinerules`
|
|
120
|
+
- Agent instructions: `AGENTS.md`, `CLAUDE.md`
|
|
121
|
+
- Infrastructure: `Dockerfile`, `package.json`
|
|
122
|
+
|
|
123
|
+
## Documentation
|
|
124
|
+
|
|
125
|
+
Full documentation: [https://locface.github.io/AgentSec/docs/](https://locface.github.io/AgentSec/docs/)
|
|
126
|
+
|
|
127
|
+
## Contributing
|
|
128
|
+
|
|
129
|
+
See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, testing, and pull request workflow.
|
|
130
|
+
|
|
131
|
+
## Security
|
|
132
|
+
|
|
133
|
+
Report vulnerabilities privately. See [SECURITY.md](SECURITY.md) for our disclosure policy.
|
|
134
|
+
|
|
135
|
+
## License
|
|
136
|
+
|
|
137
|
+
MIT — see [LICENSE](LICENSE).
|
|
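Review bot: the Features bullet in this new PKG-INFO (`- Zero runtime dependencies beyond the Python standard library`) contradicts the dependency metadata a few lines above it (`Requires-Dist: click<9,>=8.0.0`, `Requires-Dist: pyyaml<7,>=6.0`, `Requires-Dist: toml<1,>=0.10.2`, plus `tomli` on Python < 3.11). PKG-INFO is what PyPI renders on the project page, so either drop the claim from README.md and rebuild the sdist, or move the parsers behind optional extras so the claim becomes true. While here, check whether both `toml<1` and `tomli<3` are really needed: the `tomli` marker already limits it to Python < 3.11, and the `agentsec/utils/toml_compat.py` module in the file list suggests a shim exists that should pick one backend.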
@@ -0,0 +1,109 @@
|
|
|
1
|
+
<picture>
|
|
2
|
+
<source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-dark.svg">
|
|
3
|
+
<img alt="AgentSec" src="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-light.svg">
|
|
4
|
+
</picture>
|
|
5
|
+
|
|
6
|
+
# AgentSec
|
|
7
|
+
|
|
8
|
+
**Static security scanner for AI coding agents and MCP configurations.**
|
|
9
|
+
|
|
10
|
+
[](https://pypi.org/project/agentsec-cli/)
|
|
11
|
+
[](https://pypi.org/project/agentsec-cli/)
|
|
12
|
+
[](LICENSE)
|
|
13
|
+
[](https://github.com/locface/AgentSec/actions)
|
|
14
|
+
|
|
15
|
+
AI coding agents have access to your shell, filesystem, network, and secrets. Most agent configurations are never audited for security risks. AgentSec inspects MCP server manifests, Claude Desktop configs, Cursor rules, and agent instruction files for dangerous permissions, prompt injection risks, and secret exposure — with no LLM dependencies and no data leaving your machine.
|
|
16
|
+
|
|
17
|
+
All findings map to [OWASP Top 10 for LLM Applications](https://genai.owasp.org/) (LLM01–LLM10) and the [OWASP Agentic Security Top 10](https://owasp.org/) (AG01–AG10).
|
|
18
|
+
|
|
19
|
+
## Features
|
|
20
|
+
|
|
21
|
+
- 41 security rules covering shell execution, filesystem access, network exfiltration, OAuth scopes, prompt injection, container escape, and credential exposure
|
|
22
|
+
- OWASP LLM + Agentic mapping on every finding
|
|
23
|
+
- 4 output formats: terminal, JSON, Markdown, SARIF v2.1.0
|
|
24
|
+
- CI/CD gating with `--fail-on` (exit code 1 at severity threshold)
|
|
25
|
+
- Baseline comparison for regression tracking
|
|
26
|
+
- Automatic detection of JSON, YAML, TOML, and Markdown configs
|
|
27
|
+
- Zero runtime dependencies beyond the Python standard library
|
|
28
|
+
|
|
29
|
+
## Installation
|
|
30
|
+
|
|
31
|
+
```bash
|
|
32
|
+
pip install agentsec-cli
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
Requires Python 3.10 or later.
|
|
36
|
+
|
|
37
|
+
## Quick Start
|
|
38
|
+
|
|
39
|
+
```bash
|
|
40
|
+
# Scan a project
|
|
41
|
+
agentsec scan /path/to/project
|
|
42
|
+
|
|
43
|
+
# Generate SARIF for CI/CD
|
|
44
|
+
agentsec scan . --format sarif > results.sarif
|
|
45
|
+
|
|
46
|
+
# Gate CI on critical findings
|
|
47
|
+
agentsec scan . --fail-on critical
|
|
48
|
+
|
|
49
|
+
# Baseline comparison
|
|
50
|
+
agentsec scan . --update-baseline baseline.json
|
|
51
|
+
agentsec scan . --baseline baseline.json
|
|
52
|
+
|
|
53
|
+
# OWASP mapping
|
|
54
|
+
agentsec scan . --show-owasp
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
Example output:
|
|
58
|
+
|
|
59
|
+
```text
|
|
60
|
+
Scanning /home/user/dev/mcp-project...
|
|
61
|
+
|
|
62
|
+
[CRITICAL] MCP shell execution
|
|
63
|
+
File: claude_desktop_config.json
|
|
64
|
+
Server: shell-server
|
|
65
|
+
Description: MCP server can execute shell commands
|
|
66
|
+
Recommendation: Require explicit approval or remove shell access.
|
|
67
|
+
|
|
68
|
+
[CRITICAL] MCP filesystem write access
|
|
69
|
+
File: claude_desktop_config.json
|
|
70
|
+
Server: filesystem
|
|
71
|
+
Description: MCP server has filesystem write access
|
|
72
|
+
Recommendation: Restrict filesystem access to read-only or specific directories.
|
|
73
|
+
|
|
74
|
+
Total findings: 4 · Critical: 3 · High: 0 · Medium: 1 · Low: 0
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
### Output Formats
|
|
78
|
+
|
|
79
|
+
- **terminal** (default) — human-readable with severity coloring
|
|
80
|
+
- **json** — machine-parseable JSON array of findings
|
|
81
|
+
- **markdown** — formatted report suitable for commit comments
|
|
82
|
+
- **sarif** — SARIF v2.1.0, compatible with GitHub CodeQL
|
|
83
|
+
|
|
84
|
+
### Supported Config Files
|
|
85
|
+
|
|
86
|
+
AgentSec automatically detects and scans these file types:
|
|
87
|
+
|
|
88
|
+
- MCP servers: `mcp.json`, `mcp.yaml`, `mcp.toml`
|
|
89
|
+
- Claude Desktop: `claude_desktop_config.json`
|
|
90
|
+
- Cursor: `.cursorrules`, `.cursor/rules/*`
|
|
91
|
+
- Codex / Cline: `codex.toml`, `.clinerules`
|
|
92
|
+
- Agent instructions: `AGENTS.md`, `CLAUDE.md`
|
|
93
|
+
- Infrastructure: `Dockerfile`, `package.json`
|
|
94
|
+
|
|
95
|
+
## Documentation
|
|
96
|
+
|
|
97
|
+
Full documentation: [https://locface.github.io/AgentSec/docs/](https://locface.github.io/AgentSec/docs/)
|
|
98
|
+
|
|
99
|
+
## Contributing
|
|
100
|
+
|
|
101
|
+
See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, testing, and pull request workflow.
|
|
102
|
+
|
|
103
|
+
## Security
|
|
104
|
+
|
|
105
|
+
Report vulnerabilities privately. See [SECURITY.md](SECURITY.md) for our disclosure policy.
|
|
106
|
+
|
|
107
|
+
## License
|
|
108
|
+
|
|
109
|
+
MIT — see [LICENSE](LICENSE).
|
|
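Review bot: this README shrinks from 371 lines to 109 (the file list shows `agentsec_cli-1.0.0/README.md +0 -371` against `+109 -0` here), yet `CHANGELOG.md` is listed as `+0 -0`, so the 1.0.1 release carries no changelog entry and nothing says where the removed documentation went. Add a 1.0.1 entry that points to the `Full documentation:` link for the dropped sections, and fix the `OWASP Agentic Security Top 10` link, which currently resolves to the generic https://owasp.org/ root rather than the project page.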
@@ -90,7 +90,7 @@ def generate_sarif(findings: List[Dict[str, Any]], repo_root: str = ".") -> Dict
|
|
|
90
90
|
"organization": "AgentSec",
|
|
91
91
|
"informationUri": "https://github.com/locface/AgentSec",
|
|
92
92
|
"rules": list(rules.values()),
|
|
93
|
-
"version": "1.0.
|
|
93
|
+
"version": "1.0.1"
|
|
94
94
|
}
|
|
95
95
|
},
|
|
96
96
|
"results": results,
|
|
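Review bot: the SARIF tool version is a hand-maintained string literal (`"version": "1.0.1"`) that must be bumped in lock-step with `pyproject.toml` and `agentsec/__init__.py`, both of which are also `+1 -1` in this release; derive it at runtime instead, for example from `importlib.metadata.version("agentsec-cli")` or from whatever version constant `agentsec/__init__.py` carries, so a future bump cannot leave SARIF output reporting a stale `tool.driver.version`. Note that the removed line renders truncated in this view (`"version": "1.0.`), so the previous value cannot be confirmed from the diff alone.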
@@ -0,0 +1,137 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: agentsec-cli
|
|
3
|
+
Version: 1.0.1
|
|
4
|
+
Summary: Static security scanner for AI coding agents and MCP configurations
|
|
5
|
+
Author: locface
|
|
6
|
+
License-Expression: MIT
|
|
7
|
+
Project-URL: homepage, https://locface.github.io/AgentSec/
|
|
8
|
+
Project-URL: repository, https://github.com/locface/AgentSec
|
|
9
|
+
Project-URL: documentation, https://locface.github.io/AgentSec/docs/
|
|
10
|
+
Project-URL: changelog, https://github.com/locface/AgentSec/blob/main/CHANGELOG.md
|
|
11
|
+
Classifier: Development Status :: 5 - Production/Stable
|
|
12
|
+
Classifier: Intended Audience :: Developers
|
|
13
|
+
Classifier: Programming Language :: Python :: 3
|
|
14
|
+
Classifier: Programming Language :: Python :: 3.10
|
|
15
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
16
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
17
|
+
Classifier: Programming Language :: Python :: 3.13
|
|
18
|
+
Requires-Python: >=3.10
|
|
19
|
+
Description-Content-Type: text/markdown
|
|
20
|
+
License-File: LICENSE
|
|
21
|
+
Requires-Dist: click<9,>=8.0.0
|
|
22
|
+
Requires-Dist: pyyaml<7,>=6.0
|
|
23
|
+
Requires-Dist: toml<1,>=0.10.2
|
|
24
|
+
Requires-Dist: tomli<3,>=2.0.1; python_version < "3.11"
|
|
25
|
+
Provides-Extra: dev
|
|
26
|
+
Requires-Dist: pytest>=7.0.0; extra == "dev"
|
|
27
|
+
Dynamic: license-file
|
|
28
|
+
|
|
29
|
+
<picture>
|
|
30
|
+
<source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-dark.svg">
|
|
31
|
+
<img alt="AgentSec" src="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-light.svg">
|
|
32
|
+
</picture>
|
|
33
|
+
|
|
34
|
+
# AgentSec
|
|
35
|
+
|
|
36
|
+
**Static security scanner for AI coding agents and MCP configurations.**
|
|
37
|
+
|
|
38
|
+
[](https://pypi.org/project/agentsec-cli/)
|
|
39
|
+
[](https://pypi.org/project/agentsec-cli/)
|
|
40
|
+
[](LICENSE)
|
|
41
|
+
[](https://github.com/locface/AgentSec/actions)
|
|
42
|
+
|
|
43
|
+
AI coding agents have access to your shell, filesystem, network, and secrets. Most agent configurations are never audited for security risks. AgentSec inspects MCP server manifests, Claude Desktop configs, Cursor rules, and agent instruction files for dangerous permissions, prompt injection risks, and secret exposure — with no LLM dependencies and no data leaving your machine.
|
|
44
|
+
|
|
45
|
+
All findings map to [OWASP Top 10 for LLM Applications](https://genai.owasp.org/) (LLM01–LLM10) and the [OWASP Agentic Security Top 10](https://owasp.org/) (AG01–AG10).
|
|
46
|
+
|
|
47
|
+
## Features
|
|
48
|
+
|
|
49
|
+
- 41 security rules covering shell execution, filesystem access, network exfiltration, OAuth scopes, prompt injection, container escape, and credential exposure
|
|
50
|
+
- OWASP LLM + Agentic mapping on every finding
|
|
51
|
+
- 4 output formats: terminal, JSON, Markdown, SARIF v2.1.0
|
|
52
|
+
- CI/CD gating with `--fail-on` (exit code 1 at severity threshold)
|
|
53
|
+
- Baseline comparison for regression tracking
|
|
54
|
+
- Automatic detection of JSON, YAML, TOML, and Markdown configs
|
|
55
|
+
- Zero runtime dependencies beyond the Python standard library
|
|
56
|
+
|
|
57
|
+
## Installation
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
pip install agentsec-cli
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
Requires Python 3.10 or later.
|
|
64
|
+
|
|
65
|
+
## Quick Start
|
|
66
|
+
|
|
67
|
+
```bash
|
|
68
|
+
# Scan a project
|
|
69
|
+
agentsec scan /path/to/project
|
|
70
|
+
|
|
71
|
+
# Generate SARIF for CI/CD
|
|
72
|
+
agentsec scan . --format sarif > results.sarif
|
|
73
|
+
|
|
74
|
+
# Gate CI on critical findings
|
|
75
|
+
agentsec scan . --fail-on critical
|
|
76
|
+
|
|
77
|
+
# Baseline comparison
|
|
78
|
+
agentsec scan . --update-baseline baseline.json
|
|
79
|
+
agentsec scan . --baseline baseline.json
|
|
80
|
+
|
|
81
|
+
# OWASP mapping
|
|
82
|
+
agentsec scan . --show-owasp
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
Example output:
|
|
86
|
+
|
|
87
|
+
```text
|
|
88
|
+
Scanning /home/user/dev/mcp-project...
|
|
89
|
+
|
|
90
|
+
[CRITICAL] MCP shell execution
|
|
91
|
+
File: claude_desktop_config.json
|
|
92
|
+
Server: shell-server
|
|
93
|
+
Description: MCP server can execute shell commands
|
|
94
|
+
Recommendation: Require explicit approval or remove shell access.
|
|
95
|
+
|
|
96
|
+
[CRITICAL] MCP filesystem write access
|
|
97
|
+
File: claude_desktop_config.json
|
|
98
|
+
Server: filesystem
|
|
99
|
+
Description: MCP server has filesystem write access
|
|
100
|
+
Recommendation: Restrict filesystem access to read-only or specific directories.
|
|
101
|
+
|
|
102
|
+
Total findings: 4 · Critical: 3 · High: 0 · Medium: 1 · Low: 0
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
### Output Formats
|
|
106
|
+
|
|
107
|
+
- **terminal** (default) — human-readable with severity coloring
|
|
108
|
+
- **json** — machine-parseable JSON array of findings
|
|
109
|
+
- **markdown** — formatted report suitable for commit comments
|
|
110
|
+
- **sarif** — SARIF v2.1.0, compatible with GitHub CodeQL
|
|
111
|
+
|
|
112
|
+
### Supported Config Files
|
|
113
|
+
|
|
114
|
+
AgentSec automatically detects and scans these file types:
|
|
115
|
+
|
|
116
|
+
- MCP servers: `mcp.json`, `mcp.yaml`, `mcp.toml`
|
|
117
|
+
- Claude Desktop: `claude_desktop_config.json`
|
|
118
|
+
- Cursor: `.cursorrules`, `.cursor/rules/*`
|
|
119
|
+
- Codex / Cline: `codex.toml`, `.clinerules`
|
|
120
|
+
- Agent instructions: `AGENTS.md`, `CLAUDE.md`
|
|
121
|
+
- Infrastructure: `Dockerfile`, `package.json`
|
|
122
|
+
|
|
123
|
+
## Documentation
|
|
124
|
+
|
|
125
|
+
Full documentation: [https://locface.github.io/AgentSec/docs/](https://locface.github.io/AgentSec/docs/)
|
|
126
|
+
|
|
127
|
+
## Contributing
|
|
128
|
+
|
|
129
|
+
See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, testing, and pull request workflow.
|
|
130
|
+
|
|
131
|
+
## Security
|
|
132
|
+
|
|
133
|
+
Report vulnerabilities privately. See [SECURITY.md](SECURITY.md) for our disclosure policy.
|
|
134
|
+
|
|
135
|
+
## License
|
|
136
|
+
|
|
137
|
+
MIT — see [LICENSE](LICENSE).
|
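Review bot: this `agentsec_cli.egg-info/PKG-INFO` is a second copy of the top-level `PKG-INFO` (same 137 lines) that setuptools regenerates at sdist build time, so the same dependency-claim mismatch applies (`- Zero runtime dependencies beyond the Python standard library` beside `Requires-Dist: click<9,>=8.0.0`). Fix it in README.md and rebuild rather than editing either PKG-INFO by hand, otherwise the two copies drift apart on the next release.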