Fourth Day - 1/8


Mark II Security Scanner

Decided to build a different version of the Security Scanner. This new model should now send an email notification reporting what went wrong and provide suggestions to fix it. It is also compatible with VS Code and its Git extension. It still categorises risks as critical, high, medium and low, only stopping the commit at a high or higher level of risk. The email that seemed to have worked yesterday did not work in any of my other attempts, so I believe it was either blind luck or a fluke.

In creating this new model, the email is now directly linked using app passwords, which allow it to send emails, in order to ensure that suggestions are seen and that solutions have been given to fix the critical/high risk vulnerabilities.

In testing this, it still does not seem to send an email, but the code now works to stop commits that are vulnerable in other repositories in Amacca1. This is an improvement on the original prototype. I will be spending the rest of the day attempting to get the emailing to work (either by letting it log into my email directly using .env files to hide the email and passwords, or by using a Gmail account).

Current Directory:

Mark_II/
├── .env                                    # Environment configuration (API keys, SMTP settings)
├── .gitignore                              # Git ignore patterns
├── .venv/                                  # Python virtual environment
│   ├── .gitignore
│   ├── bin/                                # Virtual environment binaries
│   ├── include/                            # Virtual environment headers
│   ├── lib/                                # Virtual environment libraries
│   └── pyvenv.cfg                          # Virtual environment configuration
├── README.md                               # Project documentation
├── debug_vscode.py                         # VS Code integration troubleshooting
├── install.sh                              # Installation script
├── install_hooks.py                        # Git hooks installer (local/global)
├── mcp_server/                             # Model Context Protocol server components
│   ├── __pycache__/                        # Python bytecode cache
│   │   ├── mcp_client.cpython-313.pyc
│   │   └── security_notification_server.cpython-313.pyc
│   ├── mcp_client.py                       # MCP client with secure fallbacks (11,149 bytes)
│   ├── mcp_config.json                     # MCP server configuration
│   ├── requirements.txt                    # MCP-specific dependencies
│   └── security_notification_server.py    # MCP server with AI fix suggestions (27,990 bytes)
├── requirements.txt                        # Main project dependencies
├── security_scan_results.json             # Latest scan results
├── security_scanner.log                   # Activity logs (217 lines)
├── security_scanner.py                    # Main AI-powered scanner (32,569 bytes)
├── setup.py                                # Interactive configuration wizard
└── vscode_hook.sh                          # VS Code-specific git hook wrapper

Core Components

Main Scanner Engine
  • security_scanner.py - Primary security scanner with Claude AI integration
    • Vulnerability detection using AI analysis
    • Git integration for pre-commit scanning
    • Cross-platform notification system
    • Secure file handling and path validation
MCP Integration
  • mcp_server/ - Model Context Protocol server for intelligent notifications
    • AI-powered fix suggestions using Claude API
    • Secure client-server communication
    • Fallback notification mechanisms
Configuration & Setup
  • .env - Secure environment variable storage
  • setup.py - Interactive configuration wizard
  • install_hooks.py - Automated git hooks installation
  • requirements.txt - Python dependency management
Integration Tools
  • debug_vscode.py - VS Code troubleshooting utilities
  • vscode_hook.sh - VS Code-compatible git hook wrapper
  • install.sh - System installation script

Key Features

Security Capabilities

  • AI-Powered Analysis: Claude 3.5 Sonnet integration for vulnerability detection
  • Multi-Language Support: Python, JavaScript, TypeScript, PHP, Java, C++, and more
  • Real-Time Scanning: Pre-commit hooks block vulnerable code
  • Severity Classification: Critical, High, Medium, Low risk categorization
Notification System
  • Mac Notifications: Native macOS alerts via plyer/osascript
  • Email Alerts: HTML-formatted reports via SMTP (Outlook/Gmail)
  • MCP Notifications: AI-generated fix suggestions via Model Context Protocol
Git Integration
  • Pre-Commit Hooks: Automatic scanning before commits
  • Multi-Repository Support: Global and local hook installation
  • VS Code Compatibility: Seamless integration with VS Code git operations
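
The severity gate behind "pre-commit hooks block vulnerable code", as an added example (not the project's own code). The JSON layout and the function names are assumptions, since the page does not show the format of security_scan_results.json; treating unreadable results and unrecognised severity labels as blocking is a fail-closed choice made for this example.

```python
import json
import os

# Severity order from the page: low < medium < high < critical.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample; the real layout of security_scan_results.json is not shown on the page.
SAMPLE_RESULTS = json.dumps({
    "findings": [
        {"file": "app/db.py", "severity": "Critical", "title": "SQL built by string concatenation"},
        {"file": "app/util.py", "severity": "medium", "title": "Broad exception handler"},
        {"file": "app/views.py", "severity": "info", "title": "Unrecognised label from the model"},
    ]
})


def blocking_findings(results_json, threshold="high"):
    """Return the findings at or above the threshold.

    Fails closed: an unknown threshold falls back to 'high', and a finding
    whose severity label is not recognised is treated as blocking, because
    model output is not guaranteed to stay inside the four expected labels.
    """
    floor = SEVERITY_RANK.get(str(threshold).strip().lower(), SEVERITY_RANK["high"])
    blocked = []
    for finding in json.loads(results_json).get("findings", []):
        label = str(finding.get("severity", "")).strip().lower()
        rank = SEVERITY_RANK.get(label)
        if rank is None or rank >= floor:
            blocked.append(finding)
    return blocked


def hook_exit_code(results_json, threshold=None):
    """Exit status for a pre-commit hook: non-zero aborts the commit."""
    if threshold is None:
        threshold = os.environ.get("VULNERABILITY_THRESHOLD", "high")
    try:
        return 1 if blocking_findings(results_json, threshold) else 0
    except (json.JSONDecodeError, AttributeError, TypeError):
        return 1  # unreadable results: do not let the commit through unscanned
```

Git aborts the commit when the pre-commit hook exits non-zero, so the hook script only needs to pass this value to `sys.exit`.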

Technical Architecture

Security Hardening
  • Path traversal protection
  • Command injection prevention
  • Secure file permissions (owner read/write only)
  • Input validation and sanitization
  • Timeout protections for external calls
Error Handling
  • Graceful Claude API failure recovery
  • JSON parsing error tolerance
  • Network timeout handling
  • Fallback notification mechanisms
Performance Optimizations
  • File size thresholds for analysis
  • Selective file type scanning
  • Efficient git integration
  • Minimal resource usage in git hooks

Environment Variables (.env)

ANTHROPIC_API_KEY=your_claude_api_key
EMAIL_ADDRESS=your_email@domain.com
EMAIL_PASSWORD=your_app_password
SMTP_SERVER=smtp-mail.outlook.com
SMTP_PORT=587
ENABLE_NOTIFICATIONS=true
ENABLE_EMAIL_ALERTS=true
VULNERABILITY_THRESHOLD=high
LOG_LEVEL=INFO
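
An added sketch of the email path using the variable names from the listing above (example code, not the project's own): it connects on the submission port, upgrades with STARTTLS before logging in with the app password, and reports failure as a return value so a mail problem stays visible without affecting the commit gate. The function names, the `smtp_factory` parameter, the plain-text body and the sample values are assumptions.

```python
import smtplib
import ssl
from email.message import EmailMessage

# Constructed placeholder settings using the variable names from the .env listing above.
SAMPLE_ENV = {
    "EMAIL_ADDRESS": "scanner@example.com",
    "EMAIL_PASSWORD": "app-password-placeholder",
    "SMTP_SERVER": "smtp.example.com",
    "SMTP_PORT": "587",
    "ENABLE_EMAIL_ALERTS": "true",
}


def build_alert(env, findings):
    """Plain-text alert listing each finding, sent to the scanner's own address."""
    msg = EmailMessage()
    msg["From"] = env["EMAIL_ADDRESS"]
    msg["To"] = env["EMAIL_ADDRESS"]
    msg["Subject"] = f"Security scan blocked commit: {len(findings)} finding(s)"
    msg.set_content("\n".join(f"[{f['severity']}] {f['file']}: {f['title']}" for f in findings))
    return msg


def send_alert(env, findings, smtp_factory=smtplib.SMTP):
    """Send over SMTP submission (port 587) with STARTTLS before login.

    Returns (sent, reason) rather than raising, so the caller can log a mail
    failure without changing whether the commit is blocked.
    """
    if env.get("ENABLE_EMAIL_ALERTS", "").lower() != "true":
        return False, "disabled"
    missing = [k for k in ("EMAIL_ADDRESS", "EMAIL_PASSWORD", "SMTP_SERVER") if not env.get(k)]
    if missing:
        return False, "missing " + ",".join(missing)
    try:
        with smtp_factory(env["SMTP_SERVER"], int(env.get("SMTP_PORT", "587")), timeout=10) as smtp:
            smtp.starttls(context=ssl.create_default_context())  # verifies the server certificate
            smtp.login(env["EMAIL_ADDRESS"], env["EMAIL_PASSWORD"])
            smtp.send_message(build_alert(env, findings))
        return True, "sent"
    except (smtplib.SMTPException, OSError, ValueError) as exc:
        return False, type(exc).__name__  # log the error class only, never the password
```

The returned reason separates a rejected login (`SMTPAuthenticationError`) from a connection or timeout problem (an `OSError` subclass), which is the first thing to establish when no mail arrives.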

MCP Configuration (mcp_server/mcp_config.json)

  • Server endpoint configuration
  • AI model settings
  • Notification preferences
  • Security parameters