Performs comprehensive security inspections of project directories, generating SBOMs, detecting vulnerabilities and malicious packages, and scanning for hardcoded secrets.
GoThreatScope is a modular security toolchain written in Go, designed to provide a high-level security inspection of project directories. It automates the generation of lightweight Software Bills of Materials (SBOMs), identifies known vulnerabilities and malicious packages by checking dependencies against osv.dev, and uncovers hardcoded secrets using Gitleaks or a robust built-in scanner. Uniquely, GoThreatScope also functions as a Model Context Protocol (MCP) server, allowing AI-powered IDEs such as Cursor or Visual Studio Code to query its detailed security findings through natural language and retrieve structured data for enhanced developer workflows.