Security FAQs

Question 1

What is 'Security' and its primary function?

Accepted Answer

'Security' is an MCP server that integrates robust security scanning capabilities—including secret detection, SCA, SAST, and DAST—directly into your IDE, offering AI-powered remediation for identified vulnerabilities.

Question 2

Which IDEs are compatible with 'Security'?

Accepted Answer

'Security' is compatible with Visual Studio Code (especially with GitHub Copilot or Continue.dev) and Cursor IDE. Cursor IDE currently offers the best user experience. PyCharm is not compatible with HTTP-based MCP servers.

Question 3

How does 'Security' assist with vulnerability remediation?

Accepted Answer

It leverages generative AI, operating via the Model Context Protocol (MCP), to provide intelligent, actionable remediation suggestions for security findings, streamlining the fix process within your development environment.

Question 4

What is the Model Context Protocol (MCP) and its significance for 'Security'?

Accepted Answer

The Model Context Protocol (MCP) is a standard for streamlining interaction between AI models and various tools. 'Security' acts as an MCP server, enabling seamless integration of security tools and AI-driven remediation within IDEs without the need for custom integrations.

Question 5

What types of security scans does 'Security' perform?

Accepted Answer

'Security' performs comprehensive scans covering secret detection (e.g., nosey parker, gitleaks), Software Composition Analysis (SCA) with IaC (e.g., trivy, osv-scanner), Static Application Security Testing (SAST) (e.g., opengrep), and Dynamic Application Security Testing (DAST) (e.g., nuclei, zaproxy).

Security

关于

主要功能

使用案例