Is Ggmcp safe to use?

Ggmcp has no known CVEs as of the latest MCPpedia security scan. It requires authentication to connect, which limits unauthorized access. Licensed under MIT.

How do I install Ggmcp?

Ggmcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

Ggmcp provides 5 tools: scan_project, view_incidents, create_honeytoken, get_user_info, revoke_token. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Ggmcp?

Ggmcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Ggmcp actively maintained?

Ggmcp is actively maintained — last commit was 3 days ago. It has 34 GitHub stars.

Ggmcp

Name: Ggmcp
Author: GitGuardian

Official

executable · by GitGuardian

MCP server for scanning and remediating hardcoded secrets using GitGuardian’s API. Detect over 500 secret types and prevent credential leaks before code goes public.

34 5 tools GitHub PyPI

No known CVEs

MIT license

Actively maintained

Last commit 3d ago

Works with most clients

Transport: stdio, sse, http

5 tools · ~224 tok

Grade A · 0.1% of 200K ctx

Edit this pageView history

Security Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "GitGuardianDeveloper": {
      "args": [
        "--from",
        "git+https://github.com/GitGuardian/ggmcp.git",
        "developer-mcp-server"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/ggmcp)](https://mcppedia.org/s/ggmcp)

Read me

What Ggmcp does

Stay focused on building your product while your AI assistant handles the security heavy lifting with GitGuardian's comprehensive protection.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

88/100across 5 weighted dimensions

How we score →

0255075100

−12

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked executable against OSV.dev.

Inventory

Tools (5)

Click any tool to inspect its schema.

~224 tokens total

Inventory

Prompts (8)

remediate_incidents

Remediate all incidents related to my project

scan_codebase

Scan this codebase for any leaked secrets or credentials

check_new_incidents

Check if there are any new security incidents assigned to me

understand_incident

Help me understand this security incident and provide remediation steps

list_honeytokens

List all my active honeytokens

generate_aws_honeytoken

Generate a new honeytoken for monitoring AWS credential access

embed_honeytoken

Show me my most recent honeytoken and help me embed it in my codebase

create_named_honeytoken

Create a honeytoken named 'dev-database' and hide it in config files

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Ggmcp safe to use?: Ggmcp has no known CVEs as of the latest MCPpedia security scan. It requires authentication to connect, which limits unauthorized access. Licensed under MIT.
How do I install Ggmcp?: Ggmcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Ggmcp do?: Ggmcp provides 5 tools: scan_project, view_incidents, create_honeytoken, get_user_info, revoke_token. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Ggmcp?: Ggmcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Ggmcp actively maintained?: Ggmcp is actively maintained — last commit was 3 days ago. It has 34 GitHub stars.

Similar servers

Others in security / developer-tools

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.8k 1

Mcp_agent_mail96

Asynchronous coordination layer for AI coding agents: identities, inboxes, searchable threads, and advisory file leases over FastMCP + Git + SQLite

2.0k 6

Figma Console Mcp96

MCP server for accessing Figma plugin console logs and screenshots via Cloudflare Workers or local mode

1.7k 2

MCP Security Weekly

Get CVE alerts and security updates for Ggmcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "GitGuardianDeveloper": {
      "args": [
        "--from",
        "git+https://github.com/GitGuardian/ggmcp.git",
        "developer-mcp-server"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/ggmcp)](https://mcppedia.org/s/ggmcp)

Read me

What Ggmcp does

Stay focused on building your product while your AI assistant handles the security heavy lifting with GitGuardian's comprehensive protection.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

README

GitGuardian MCP Server

Stay focused on building your product while your AI assistant handles the security heavy lifting with GitGuardian's comprehensive protection.

This MCP server enables your AI agent to scan projects using GitGuardian's industry-leading API, featuring over 500 secret detectors to prevent credential leaks before they reach public repositories.

Resolve security incidents without context switching to the GitGuardian console. Take advantage of rich contextual data to enhance your agent's remediation capabilities, enabling rapid resolution and automated removal of hardcoded secrets.

Disclaimer

[!CAUTION] MCP servers are an emerging and rapidly evolving technology. While they can significantly boost productivity and improve the developer experience, their use with various agents and models should always be supervised.

Agents act on your behalf and under your responsibility. Always use MCP servers from trusted sources (just as you would with any dependency), and carefully review agent actions when they interact with MCP server tools.

To better assist you in safely using this server, we have:

(1) Designed our MCP server to operate with "read-only" permissions, minimizing the access level granted to your agent. This helps ensure that, even if the agent tries to perform unintended actions, its capabilities remain limited to safe, non-destructive operations.

(2) Released this official MCP server to ensure you are using a legitimate and trusted implementation.

Features supported

Secret Scanning: Scan code for leaked secrets, credentials, and API keys
Incident Management: View security incidents related to the project you are currently working.
Honeytokens: Create honeytokens to detect unauthorized access
Authentication Management: Get authenticated user information and token details
Token Management: Revoke current API tokens

Want more features? Have a use case that's not covered? We'd love to hear from you! Submit your ideas and feedback by opening an issue on GitHub to help us prioritize new MCP server capabilities.

Prompts examples

Remediate all incidents related to my project

Scan this codebase for any leaked secrets or credentials

Check if there are any new security incidents assigned to me

Help me understand this security incident and provide remediation steps

List all my active honeytokens

Generate a new honeytoken for monitoring AWS credential access

Show me my most recent honeytoken and help me embed it in my codebase

Create a honeytoken named 'dev-database' and hide it in config files

Prerequisites

Before installing the GitGuardian MCP servers, ensure you have the following prerequisites:

uv: This project uses uv for package installation and dependency management. Install uv by following the instructions at: https://docs.astral.sh/uv/getting-started/installation/

Installation

Below are instructions for installing the GitGuardian MCP servers with various AI editors and interfaces.

The MCP server supports both GitGuardian SaaS and self-hosted instances.

Installation with Cursor

Quick Install with One-Click Buttons (Cursor >= 1.0):

Note: The one-click install sets up the default US SaaS configuration. For EU SaaS or self-hosted instances, you'll need to manually add environment variables as shown in the Configuration section. A single MCP server now serves both developer and SecOps audiences — the tools exposed to your agent depend on the OAuth scopes granted to the access toke

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

88/100across 5 weighted dimensions

How we score →

0255075100

−12

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked executable against OSV.dev.

Inventory

Tools (5)

Click any tool to inspect its schema.

~224 tokens total

Inventory

Prompts (8)

remediate_incidents

Remediate all incidents related to my project

scan_codebase

Scan this codebase for any leaked secrets or credentials

check_new_incidents

Check if there are any new security incidents assigned to me

understand_incident

Help me understand this security incident and provide remediation steps

list_honeytokens

List all my active honeytokens

generate_aws_honeytoken

Generate a new honeytoken for monitoring AWS credential access

embed_honeytoken

Show me my most recent honeytoken and help me embed it in my codebase

create_named_honeytoken

Create a honeytoken named 'dev-database' and hide it in config files

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Ggmcp safe to use?: Ggmcp has no known CVEs as of the latest MCPpedia security scan. It requires authentication to connect, which limits unauthorized access. Licensed under MIT.
How do I install Ggmcp?: Ggmcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Ggmcp do?: Ggmcp provides 5 tools: scan_project, view_incidents, create_honeytoken, get_user_info, revoke_token. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Ggmcp?: Ggmcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Ggmcp actively maintained?: Ggmcp is actively maintained — last commit was 3 days ago. It has 34 GitHub stars.