Armis Security Scanner

AI-powered security scanning. Scans code, files, and git diffs for vulnerabilities in real-time using the Armis scanning API.

GitHub

Armis AppSec MCP Plugin

AI-powered security scanning for Claude Code. Scans code, files, and git diffs for vulnerabilities in real-time using the Armis scanning API.

Features

scan_code — Scan a code snippet for vulnerabilities
scan_file — Scan a file on disk
scan_diff — Scan git changes (staged, unstaged, or diff against a branch)
Commit gate — Automatically blocks git commit, git push, and gh pr create until code is scanned
/security-scan — On-demand scanning via slash command

Installation

1. Add the marketplace

In Claude Code:

/plugin marketplace add ArmisSecurity/armis-appsec-mcp

2. Install the plugin

/plugin install armis-appsec@armis-appsec-mcp

This unpacks the plugin into a versioned directory under ~/.claude/plugins/cache/armis-appsec-mcp/armis-appsec/<version>/.

3. Set credentials

Run this in a shell after installing — it locates the unpacked plugin directory and writes .env into it:

PLUGIN_DIR="$(ls -dt ~/.claude/plugins/cache/armis-appsec-mcp/armis-appsec/*/ | head -1)"
cat > "$PLUGIN_DIR/.env" << 'EOF'
ARMIS_CLIENT_ID=<your-client-id>
ARMIS_CLIENT_SECRET=<your-client-secret>
EOF
chmod 600 "$PLUGIN_DIR/.env"

Contact the Armis AppSec team if you don't have credentials.

4. Restart Claude Code

The plugin loads automatically. Verify with:

/security-scan

Usage

Scan staged changes (default)

/security-scan

Scan a specific file

/security-scan path/to/file.py

Scan diff against a branch

/security-scan ref=main

Scan pasted code

Paste code into the conversation and ask:

Is this code secure?

Commit gate

When Claude runs git commit, git push, or gh pr create, the plugin automatically:

Blocks the command
Instructs Claude to scan the changes
Allows the command after a clean scan (no HIGH/CRITICAL findings)

If HIGH/CRITICAL findings are found, Claude will attempt to fix them. If findings remain after remediation, Claude asks for your approval before proceeding.

Configuration

Environment Variable	Default	Description
`ARMIS_CLIENT_ID`	(required)	Client ID for authentication
`ARMIS_CLIENT_SECRET`	(required)	Client secret for authentication
`APPSEC_ENV`	`prod`	`dev` or `prod` — selects API endpoint
`APPSEC_API_URL`	(auto)	Override the API base URL
`APPSEC_DEBUG`	(unset)	Set to any value to enable debug logging

Running Tests

pip install pytest httpx mcp[cli] python-dotenv
python -m pytest hooks/tests/ -v

Architecture

              +---------------------+
              |  Armis Cloud        |
              |  POST /scan/fast    |
              +--------+------------+
                       ^
                       | HTTPS (JWT Bearer)
              +--------+------------+
              |   Scanner Core       |
              |  scanner_core.py     |
              +--------+------------+
                 +-----+------+
                 |            |
           +-----v-----+ +---v---------+
           | MCP Server | | PreToolUse  |
           | server.py  | | Hook        |
           +------------+ +-------------+

License

Apache License 2.0 — see LICENSE for details.

Servidores relacionados

Alpha Vantage MCP Server

patrocinador

Access financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more

Domain Checker

Check domain name availability using WHOIS lookups and DNS resolution.

Talk to Figma MCP

A server for integrating with Figma, allowing you to interact with your design files.

Model Context Protocol servers

A collection of reference server implementations for the Model Context Protocol (MCP) using Typescript and Python SDKs.

FAL Imagen 4

Generate high-quality images using Google's Imagen 4 Ultra model via the FAL AI platform.

Claude Code Memory Server

A Neo4j-based MCP server providing persistent memory and contextual assistance for Claude Code.

Squidler.io

Squidler is designed to validate your web app as a human based on natural language use cases, without write brittle, DOM-dependent tests.

AWS CodePipeline MCP Server

Integrates with AWS CodePipeline to manage continuous integration and delivery pipelines.

ImageSorcery MCP

ComputerVision-based 🪄 sorcery of image recognition and editing tools for AI assistants.

Google Apps Script MCP Server

Manage Google Apps Script projects, including creation, editing, deployment, and execution. Requires Google Cloud credentials for authentication.

ContextStream

Persistent memory and semantic search for AI coding assistants across sessions