Armis Security Scanner

AI-powered security scanning. Scans code, files, and git diffs for vulnerabilities in real-time using the Armis scanning API.

GitHub

Armis AppSec MCP Plugin

AI-powered security scanning for Claude Code. Scans code, files, and git diffs for vulnerabilities in real-time using the Armis scanning API.

Features

scan_code — Scan a code snippet for vulnerabilities
scan_file — Scan a file on disk
scan_diff — Scan git changes (staged, unstaged, or diff against a branch)
Commit gate — Automatically blocks git commit, git push, and gh pr create until code is scanned
/security-scan — On-demand scanning via slash command

Installation

1. Add the marketplace

In Claude Code:

/plugin marketplace add ArmisSecurity/armis-appsec-mcp

2. Install the plugin

/plugin install armis-appsec@armis-appsec-mcp

This unpacks the plugin into a versioned directory under ~/.claude/plugins/cache/armis-appsec-mcp/armis-appsec/<version>/.

3. Set credentials

Run this in a shell after installing — it locates the unpacked plugin directory and writes .env into it:

PLUGIN_DIR="$(ls -dt ~/.claude/plugins/cache/armis-appsec-mcp/armis-appsec/*/ | head -1)"
cat > "$PLUGIN_DIR/.env" << 'EOF'
ARMIS_CLIENT_ID=<your-client-id>
ARMIS_CLIENT_SECRET=<your-client-secret>
EOF
chmod 600 "$PLUGIN_DIR/.env"

Contact the Armis AppSec team if you don't have credentials.

4. Restart Claude Code

The plugin loads automatically. Verify with:

/security-scan

Usage

Scan staged changes (default)

/security-scan

Scan a specific file

/security-scan path/to/file.py

Scan diff against a branch

/security-scan ref=main

Scan pasted code

Paste code into the conversation and ask:

Is this code secure?

Commit gate

When Claude runs git commit, git push, or gh pr create, the plugin automatically:

Blocks the command
Instructs Claude to scan the changes
Allows the command after a clean scan (no HIGH/CRITICAL findings)

If HIGH/CRITICAL findings are found, Claude will attempt to fix them. If findings remain after remediation, Claude asks for your approval before proceeding.

Configuration

Environment Variable	Default	Description
`ARMIS_CLIENT_ID`	(required)	Client ID for authentication
`ARMIS_CLIENT_SECRET`	(required)	Client secret for authentication
`APPSEC_ENV`	`prod`	`dev` or `prod` — selects API endpoint
`APPSEC_API_URL`	(auto)	Override the API base URL
`APPSEC_DEBUG`	(unset)	Set to any value to enable debug logging

Running Tests

pip install pytest httpx mcp[cli] python-dotenv
python -m pytest hooks/tests/ -v

Architecture

              +---------------------+
              |  Armis Cloud        |
              |  POST /scan/fast    |
              +--------+------------+
                       ^
                       | HTTPS (JWT Bearer)
              +--------+------------+
              |   Scanner Core       |
              |  scanner_core.py     |
              +--------+------------+
                 +-----+------+
                 |            |
           +-----v-----+ +---v---------+
           | MCP Server | | PreToolUse  |
           | server.py  | | Hook        |
           +------------+ +-------------+

License

Apache License 2.0 — see LICENSE for details.

Servidores relacionados

Alpha Vantage MCP Server

patrocinador

Access financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more

Contrast MCP Server

Remediate vulnerabilities found by Contrast products using LLM and Coding Agent capabilities.

pabal-resource-mcp

MCP server for ASO ↔ Web SEO data conversion.

MLflow Prompt Registry

Access prompt templates managed in an MLflow Prompt Registry. Requires a running MLflow server configured via the MLFLOW_TRACKING_URI environment variable.

nREPL MCP Server

Interact with a running Clojure nREPL instance for code evaluation, namespace inspection, and other utilities.

Azure DevOps MCP Server

An MCP server for Azure DevOps, enabling AI assistants to interact with Azure DevOps APIs.

MCP Server Health Monitor

Health monitoring for all your MCP servers — probes, SLA tracking, dependency graphs, auto-restart

MCP Orchestrator

Aggregates tools from multiple MCP servers with unified BM25/regex search and deferred loading

fastMCP4J

Fast lightweight Java MCP server framework - Build Model Context Protocol servers with minimal boilerplate and full TypeScript SDK compatibility

Unity MCP

Perform actions in the Unity Editor for game development using AI clients.

Accordo MCP Server

Provides dynamic YAML-driven workflow guidance for AI coding agents with structured development workflows, progression control, and decision points.