
Gg Mcp

@GitGuardian, 4 days ago
License: MIT
GitGuardian MCP Server scans for secrets and manages security incidents efficiently.

Overview

What is Gg Mcp

GitGuardian MCP Server is a tool that integrates with AI development environments to provide security features focused on preventing credential leaks and managing security incidents. It utilizes GitGuardian’s API, which includes over 500 secret detectors, to scan codebases for sensitive information.

Use cases

Common use cases include scanning codebases for leaked secrets, managing security incidents seamlessly within the development workflow, creating honeytokens to detect unauthorized access, and automating remediation steps for found vulnerabilities, allowing developers to focus on coding without security interruptions.

How to use

To use the GitGuardian MCP server, you need to install it through various AI editing environments like Cursor, Claude Desktop, Windsurf, or Zed Editor. After installation, authenticate with GitGuardian, and then you can execute prompts related to secret scanning, incident management, and honeytoken creation directly within your development environment.

Key features

Key features include secret scanning for credentials and API keys, incident management for viewing and resolving security issues, and the ability to create and manage honeytokens that help in monitoring unauthorized access to sensitive information.

Where to use

The GitGuardian MCP server can be used within popular coding environments and editors that support integration with MCP servers, such as Cursor, Claude Desktop, Windsurf, and Zed. It enhances security practices at any stage of development by embedding security checks directly into the coding workflow.

Content

GitGuardian MCP Server

Stay focused on building your product while your AI assistant handles the security heavy lifting with GitGuardian’s comprehensive protection.

This MCP server enables your AI agent to scan projects using GitGuardian’s industry-leading API, featuring over 500 secret detectors to prevent credential leaks before they reach public repositories.

Resolve security incidents without context switching to the GitGuardian console. Take advantage of rich contextual data to enhance your agent’s remediation capabilities, enabling rapid resolution and automated removal of hardcoded secrets.

Key Features

  • Secret Scanning: Scan code for leaked secrets, credentials, and API keys
  • Incident Management: View, assign, and resolve security incidents related to the project you are currently working on
  • Honeytokens: Create and manage honeytokens to detect unauthorized access

Prompt examples

Remediate all incidents related to my project

Scan this codebase for any leaked secrets or credentials

Check if there are any new security incidents assigned to me

Help me understand this security incident and provide remediation steps

List all my active honeytokens

Generate a new honeytoken for monitoring AWS credential access

Show me my most recent honeytoken and help me embed it in my codebase

Create a honeytoken named 'dev-database' and hide it in config files

Prerequisites

Before installing the GitGuardian MCP servers, ensure you have the following prerequisites:

Installation

Below are instructions for installing the GitGuardian MCP servers with various AI editors and interfaces.

Installation with Cursor

Quick Install with One-Click Buttons (Cursor >= 1.0):

For Developer MCP Server:

Install Developer MCP Server

Manual Configuration:

  1. Edit your Cursor MCP configuration file located at ~/.cursor/mcp.json

  2. Add the GitGuardian MCP server configuration:

    {
      "mcpServers": {
        "GitGuardianDeveloper": {
          "command": "uvx",
          "args": [
            "--from",
            "git+https://github.com/GitGuardian/gg-mcp.git",
            "developer-mcp-server"
          ]
        }
      }
    }

Installation with Claude Desktop

  1. Edit your Claude Desktop MCP configuration file located at:

    • macOS: ~/Library/Application Support/Claude Desktop/mcp.json
    • Windows: %APPDATA%\Claude Desktop\mcp.json
  2. Add the GitGuardian MCP server configuration:

    {
      "mcpServers": {
        "GitGuardianDeveloper": {
          "command": "/path/to/uvx",
          "args": [
            "--from",
            "git+https://github.com/GitGuardian/gg-mcp.git",
            "developer-mcp-server"
          ]
        }
      }
    }
  3. Replace /path/to/uvx with the absolute path to the uvx executable on your system.

    ⚠️ WARNING: For Claude Desktop, you must specify the full absolute path to the uvx executable, not just "command": "uvx". This is different from other MCP clients.

  4. Restart Claude Desktop to apply the changes.
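
The manual Claude Desktop steps above can be scripted. The following is an added example, not code from the gg-mcp project: it merges the GitGuardianDeveloper entry into an existing configuration without touching other servers and rejects a uvx path that is not absolute. The function names and the sample configuration are assumptions made for illustration; pass the configuration file path for your platform to `update_file`.

```python
import json
import os
import shutil
from pathlib import Path

SERVER_NAME = "GitGuardianDeveloper"
SERVER_ARGS = ["--from", "git+https://github.com/GitGuardian/gg-mcp.git",
               "developer-mcp-server"]


def resolve_uvx():
    """Return the absolute path of uvx, or raise if it is not on PATH."""
    found = shutil.which("uvx")
    if found is None:
        raise FileNotFoundError("uvx not found on PATH")
    return os.path.abspath(found)


def merge_server(config, uvx_path):
    """Return a copy of config with the GitGuardian entry added or updated.

    Entries for other servers under "mcpServers" are left untouched, and
    the caller's dict is not modified.
    """
    if not os.path.isabs(uvx_path):
        raise ValueError("Claude Desktop needs the absolute path to uvx")
    merged = json.loads(json.dumps(config))  # deep copy of JSON data
    servers = merged.setdefault("mcpServers", {})
    if not isinstance(servers, dict):
        raise ValueError('"mcpServers" must be a JSON object')
    servers[SERVER_NAME] = {"command": uvx_path, "args": list(SERVER_ARGS)}
    return merged


def update_file(config_path, uvx_path=None):
    """Merge the entry into config_path, creating the file if it is absent."""
    path = Path(config_path).expanduser()
    config = json.loads(path.read_text()) if path.exists() else {}
    merged = merge_server(config, uvx_path or resolve_uvx())
    path.write_text(json.dumps(merged, indent=2) + "\n")
    return merged


if __name__ == "__main__":
    # Constructed sample: an existing config with one unrelated server.
    sample = {"mcpServers": {"other": {"command": "/usr/bin/other", "args": []}}}
    print(json.dumps(merge_server(sample, "/usr/local/bin/uvx"), indent=2))
```
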

Installation with Windsurf

To use the GitGuardian MCP server with Windsurf:

  1. Edit your Windsurf MCP configuration file located at:

    • macOS: ~/Library/Application Support/Windsurf/mcp.json
    • Windows: %APPDATA%\Windsurf\mcp.json
    • Linux: ~/.config/Windsurf/mcp.json
  2. Add the following entry to the configuration file:

    {
      "mcp": {
        "servers": {
          "GitGuardianDeveloper": {
            "type": "stdio",
            "command": "uvx",
            "args": [
              "--from",
              "git+https://github.com/GitGuardian/gg-mcp.git",
              "developer-mcp-server"
            ]
          }
        }
      }
    }

Installation with Zed Editor

  1. Edit your Zed MCP configuration file located at:

    • macOS: ~/Library/Application Support/Zed/mcp.json
    • Linux: ~/.config/Zed/mcp.json
  2. Add the GitGuardian MCP server configuration:

    {
      "GitGuardianDeveloper": {
        "command": {
          "path": "uvx",
          "args": [
            "--from",
            "git+https://github.com/GitGuardian/gg-mcp.git",
            "developer-mcp-server"
          ]
        }
      }
    }

Authentication Process

  1. When you start the server, it will automatically open a browser window to authenticate with GitGuardian
  2. After you log in to GitGuardian and authorize the application, you’ll be redirected back to the local server
  3. The authentication token will be securely stored for future use
  4. The next time you start the server, it will reuse the stored token without requiring re-authentication

Development

If you want to contribute to this project or add new tools, please see the Development Guide.

Testing

This project includes a comprehensive test suite to ensure functionality and prevent regressions.

Running Tests

  1. Run the test suite:
    uv run pytest
    

This will run all tests and generate a coverage report showing which parts of the codebase are covered by tests.
