Access Codescan projects, metrics, and filtered issue data through AI.
The material says this tool interacts with the Codescan API to list projects, retrieve metrics, and query issues, but the provided metadata states no credentials and no remote endpoints, which is inconsistent and should be verified. Open-source MIT licensing lowers some supply-chain concern, but missing documentation, zero stars, and unknown maintenance justify an overall cautious posture.
The metadata says there are no credentials, but the description explicitly says it interacts with the Codescan API; in practice, such API access often involves authentication. The materials do not explain credential sourcing, storage, or scope, so documentation gaps warrant verification for possible hidden or misconfigured credential use.
The description indicates outbound communication to the Codescan API for query requests, so network egress should be assumed even though no specific host is disclosed. There is no explicit red flag showing exfiltration to unrelated third parties, but the actual destinations and scope of transmitted data are undocumented and should be confirmed before use.
The system flags this tool as executes-code, meaning it has the normal MCP capability to run code or processes locally. Based on the available material, there is no evidence of system privileges clearly exceeding its stated purpose or any suspicious execution chain, so this remains a caution rather than a high-risk finding.
By function, the tool may access project, metrics, and issue data related to code scanning results; however, the missing README leaves local file access, write behavior, caching, and least-privilege design unspecified. There is no evidence that it asks for data access far beyond its purpose, but transparency is limited.
The repository is open source under MIT, which is a meaningful risk-reducing factor; however, it comes from a third-party registry, has zero stars, unknown maintenance, and no README, so while auditability exists, maturity and trust remain limited. There is no sign of closed-source opacity or overt maliciousness, so this should not be escalated to high risk.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "codescan-mcp-server" yet — see the docs or source repo.
List all projects in Codescan and summarize key quality metrics for each, such as bug count, code smells, vulnerabilities, and duplication rate, sorted by highest risk first.
A project list with summarized quality metrics for each project, ranked by risk priority.
Query issues created in the last 30 days with high severity, show only items affecting production and not closed, and group the results by project.
A filtered issue list with matching results, project ownership, and grouped summaries.
Based on current Codescan metrics and issue data across all projects, identify the five projects that need the most urgent remediation, explain why, and suggest improvement actions.
A prioritized list of projects, the rationale behind the ranking, and actionable quality improvement recommendations.
Analyze local code quality, review diffs, and score whole projects.
Scan code for security risks before commits with automated review assistance.
Search, analyze, navigate, and scan multilingual codebases without API keys.
Get CVE-based security review prompts to find risky code vulnerabilities faster.
Analyze codebases with metrics, thresholds, and quality checks for faster reviews.
Analyze, match, and transform code structures across multiple programming languages.