Armis Security Scanner

AI-powered security scanning. Scans code, files, and git diffs for vulnerabilities in real-time using the Armis scanning API.

GitHub

Armis AppSec MCP Plugin

AI-powered security scanning for Claude Code. Scans code, files, and git diffs for vulnerabilities in real-time using the Armis scanning API.

Features

scan_code — Scan a code snippet for vulnerabilities
scan_file — Scan a file on disk
scan_diff — Scan git changes (staged, unstaged, or diff against a branch)
Commit gate — Automatically blocks git commit, git push, and gh pr create until code is scanned
/security-scan — On-demand scanning via slash command

Installation

1. Add the marketplace

In Claude Code:

/plugin marketplace add ArmisSecurity/armis-appsec-mcp

2. Install the plugin

/plugin install armis-appsec@armis-appsec-mcp

This unpacks the plugin into a versioned directory under ~/.claude/plugins/cache/armis-appsec-mcp/armis-appsec/<version>/.

3. Set credentials

Run this in a shell after installing — it locates the unpacked plugin directory and writes .env into it:

PLUGIN_DIR="$(ls -dt ~/.claude/plugins/cache/armis-appsec-mcp/armis-appsec/*/ | head -1)"
cat > "$PLUGIN_DIR/.env" << 'EOF'
ARMIS_CLIENT_ID=<your-client-id>
ARMIS_CLIENT_SECRET=<your-client-secret>
EOF
chmod 600 "$PLUGIN_DIR/.env"

Contact the Armis AppSec team if you don't have credentials.

4. Restart Claude Code

The plugin loads automatically. Verify with:

/security-scan

Usage

Scan staged changes (default)

/security-scan

Scan a specific file

/security-scan path/to/file.py

Scan diff against a branch

/security-scan ref=main

Scan pasted code

Paste code into the conversation and ask:

Is this code secure?

Commit gate

When Claude runs git commit, git push, or gh pr create, the plugin automatically:

Blocks the command
Instructs Claude to scan the changes
Allows the command after a clean scan (no HIGH/CRITICAL findings)

If HIGH/CRITICAL findings are found, Claude will attempt to fix them. If findings remain after remediation, Claude asks for your approval before proceeding.

Configuration

Environment Variable	Default	Description
`ARMIS_CLIENT_ID`	(required)	Client ID for authentication
`ARMIS_CLIENT_SECRET`	(required)	Client secret for authentication
`APPSEC_ENV`	`prod`	`dev` or `prod` — selects API endpoint
`APPSEC_API_URL`	(auto)	Override the API base URL
`APPSEC_DEBUG`	(unset)	Set to any value to enable debug logging

Running Tests

pip install pytest httpx mcp[cli] python-dotenv
python -m pytest hooks/tests/ -v

Architecture

              +---------------------+
              |  Armis Cloud        |
              |  POST /scan/fast    |
              +--------+------------+
                       ^
                       | HTTPS (JWT Bearer)
              +--------+------------+
              |   Scanner Core       |
              |  scanner_core.py     |
              +--------+------------+
                 +-----+------+
                 |            |
           +-----v-----+ +---v---------+
           | MCP Server | | PreToolUse  |
           | server.py  | | Hook        |
           +------------+ +-------------+

License

Apache License 2.0 — see LICENSE for details.

Máy chủ liên quan

Alpha Vantage MCP Server

nhà tài trợ

Access financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more

uMCP (ultraMCP)

A lightweight Java framework for building MCP servers with TCP transport via mcp-java-bridge.

Celery Flower MCP

MCP server for Celery Flower — monitor workers, manage tasks and queues from any AI assistant

Recon Chimera Scaffold

Scaffolds Chimera fuzzing test suites for Solidity smart contracts with invariant properties, handlers, and fuzzer configs

Python Local

An interactive Python REPL environment with persistent session history.

spm-mcp

iOS Swift Package Manager server written in Swift

Laravel Forge MCP Server

Manage Laravel Forge servers and sites using the Forge API.

Intervals.icu

Connects to the Intervals.icu API to retrieve activities, events, and wellness data.

Yellhorn MCP

An MCP server that integrates Gemini 2.5 Pro and OpenAI models for software development tasks, allowing the use of your entire codebase as context.

WebdriverIO MCP

A Model Context Protocol (MCP) server that enables Claude Desktop to interact with web browsers and mobile applications using WebDriverIO. Automate Chrome browsers, iOS apps, and Android apps—all through a unified interface.

MCP API Bridge

A server that bridges Google Sheets, Azure AI, and MQTT APIs.