# sast-fixer-mcp: SAST Fixer MCP Server
A Model Context Protocol (MCP) server that provides dedicated handling of Static Application Security Testing (SAST) reports. It includes capabilities for parsing DOCX reports, tracking vulnerability remediation statuses, and exporting comprehensive fix reports. Seamless integration with Zhanlu AI Programmer enables automated remediation for vulnerabilities identified in SAST processes.
## Features
- **DOCX Report Processing**: Convert SAST reports from DOCX format to structured JSON
- **Vulnerability Tracking**: Track remediation status of security vulnerabilities
- **Report Generation**: Generate comprehensive CSV reports of fixed vulnerabilities
- **MCP Integration**: Full integration with Model Context Protocol servers
- **Automated Workflow**: Streamlined vulnerability fixing process with AI assistance
## Available Tools
- **convert_sast_docx_to_json** - Converts SAST reports from DOCX format to JSON
  - `file_path` (string, required): Path to the SAST report DOCX file
- **get_pending_vulnerability_json_files** - Retrieves all pending vulnerability JSON files (`_new.json`) from the `.scanissuefix` directory
- **generate_csv_report** - Generates a CSV report from all resolved vulnerability JSON files (`_finished.json`)
## Prerequisites
* **Python 3.10 or higher** is required. Verify your Python version:
  ```bash
  python --version # or python3 --version
  ```
* Check which Python interpreter is on your PATH:
  ```bash
  which python # or which python3
  ```
### Install Python
If you do not have Python installed, or your version does not match the prerequisites, it is recommended to install the most stable release of Python 3.12 using the following direct download links:
* **Mac**: [Download Python 3.12 for macOS](https://mirrors.aliyun.com/python-release/macos/python-3.12.10-macos11.pkg)
  * For silent installation on macOS:
    ```bash
    sudo installer -pkg /path/to/python-3.12.4-macos11.pkg -target /
    ```
* **Windows**: [Download Python 3.12 for Windows](https://mirrors.aliyun.com/python-release/windows/python-3.12.9-amd64.exe)
  * For silent installation on Windows, run:
    ```bash
    python-3.12.4-amd64.exe /quiet InstallAllUsers=1 PrependPath=1 Include_test=0
    ```
### Upgrade Python
If your current Python version does not meet the required standard, download and install the recommended Python 3.12 version using the above links. Ensure your system's PATH points to the new Python installation.
## Installation
### Using uv (Recommended)
First, install `uv` if you haven't already:
```bash
pip install uv
```
When using [`uv`](https://docs.astral.sh/uv/) no specific installation is needed. We will use [`uvx`](https://docs.astral.sh/uv/guides/tools/) to directly run *sast-fixer-mcp*.
Run the SAST Fixer MCP server directly:
```bash
uvx sast-fixer-mcp
```
### Using pip
Alternatively you can install `sast-fixer-mcp` via pip:
```bash
pip install sast-fixer-mcp
```
After installation, you can run it as a script using:
```bash
python -m sast_fixer_mcp
```
## Configuration
### Usage with VS Code Extension zhanlu AI Programmer
For manual installation, add the following JSON block to your User Settings (JSON) file in VS Code.
<details>
<summary>Using uvx</summary>
```json
{
"mcpServers": {
"sast-fixer-mcp": {
"command": "uvx",
"args": ["sast-fixer-mcp"]
}
}
}
```
</details>
<details>
<summary>Using pip installation</summary>
```json
{
"mcpServers": {
"sast-fixer-mcp": {
"command": "python",
"args": ["-m", "sast_fixer_mcp"]
}
}
}
```
</details>
**Configuration Notes:**
- For specific Python environments, use `which python` to get the full path. For venv or conda environments, specify the absolute path to the python executable.
- For large SAST reports, increase the `timeout` setting to avoid timeouts.
## Usage Workflow
1. **Obtain SAST Report**: Get the SAST report Word document for your target codebase
2. **Setup Repository**: Clone the codebase and switch to the appropriate branch
3. **Start Analysis**: Use AI assistant with SAST Fixer MCP integration for security vulnerability analysis
4. **Process Report**: Convert DOCX report to JSON format using the `convert_sast_docx_to_json` tool
5. **Track Progress**: Monitor vulnerability remediation using pending and completed file tracking
6. **Generate Reports**: Create comprehensive CSV reports of fixed vulnerabilities
**Important Notes:**
- Ensure your working directory is positioned at the project root during the fixing process
- For continued analysis, use natural language commands like: "continue fixing", "generate csv report", "analyze vulnerabilities", etc.
- The tool creates a `.scanissuefix` directory to track vulnerability status
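The `.scanissuefix` tracking model described under Available Tools and in the workflow above, as an added example (not the project's own code): pending findings live as `*_new.json`, a fixed finding is renamed to `*_finished.json`, and the CSV report is built from the finished records. The record fields (`issue_id`, `rule`, `severity`, `file`, `line`, `status`, `fix_note`) are an assumed schema, since the page does not show the JSON layout, and the sample findings are constructed.

```python
import csv
import json
import tempfile
from pathlib import Path

# Directory and suffixes are the README's; the record fields are an assumed schema.
TRACK_DIR, PENDING, FINISHED = ".scanissuefix", "_new.json", "_finished.json"
CSV_FIELDS = ["issue_id", "rule", "severity", "file", "line", "status", "fix_note"]

def get_pending_vulnerability_json_files(project_root):
    """Sorted paths of *_new.json records still awaiting a fix (empty if no dir)."""
    track = Path(project_root) / TRACK_DIR
    return sorted(str(p) for p in track.glob(f"*{PENDING}")) if track.is_dir() else []

def mark_finished(pending_path, fix_note):
    """Rename a pending record to *_finished.json, adding status and fix note."""
    src = Path(pending_path)
    record = json.loads(src.read_text(encoding="utf-8"))
    record.update(status="fixed", fix_note=fix_note)
    dst = src.with_name(src.name[: -len(PENDING)] + FINISHED)
    dst.write_text(json.dumps(record, indent=2), encoding="utf-8")
    src.unlink()  # a finding is either pending or finished, never both
    return str(dst)

def generate_csv_report(project_root, out_name="fix_report.csv"):
    """Merge every *_finished.json into one CSV; return (csv path, row count)."""
    track, out_path = Path(project_root) / TRACK_DIR, Path(project_root) / out_name
    rows = [json.loads(p.read_text(encoding="utf-8")) for p in sorted(track.glob(f"*{FINISHED}"))]
    with out_path.open("w", newline="", encoding="utf-8") as fh:
        writer = csv.DictWriter(fh, fieldnames=CSV_FIELDS)
        writer.writeheader()
        writer.writerows({k: r.get(k, "") for k in CSV_FIELDS} for r in rows)
    return str(out_path), len(rows)

def demo():
    """Seed two constructed findings in a temp project, fix one, report on it."""
    root = Path(tempfile.mkdtemp())
    (root / TRACK_DIR).mkdir()
    samples = [  # constructed sample findings, not taken from any real report
        {"issue_id": "1", "rule": "SQL Injection", "severity": "High", "file": "app/db.py", "line": 42},
        {"issue_id": "2", "rule": "Path Traversal", "severity": "Medium", "file": "app/files.py", "line": 17},
    ]
    for s in samples:
        (root / TRACK_DIR / f"{s['issue_id']}{PENDING}").write_text(json.dumps(s), encoding="utf-8")
    before = get_pending_vulnerability_json_files(root)
    mark_finished(before[0], "switched to a parameterised query")
    after = get_pending_vulnerability_json_files(root)
    csv_path, fixed = generate_csv_report(root)
    with open(csv_path, encoding="utf-8", newline="") as fh: first = next(csv.DictReader(fh))
    return {"pending_before": len(before), "pending_after": len(after), "fixed": fixed, "first_row": first}
```

Because a record is renamed rather than copied, re-running `get_pending_vulnerability_json_files` after each fix gives an accurate remaining-work count, which is what the "continue fixing" step relies on.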
## Debugging
You can use the MCP inspector to debug the server. For uvx installations:
```bash
npx @modelcontextprotocol/inspector uvx sast-fixer-mcp
```
Or if you've installed the package in a specific directory or are developing on it:
```bash
cd path/to/servers/src/sast_fixer_mcp
npx @modelcontextprotocol/inspector uv run sast-fixer-mcp
```
## Development
If you are doing local development, there are two ways to test your changes:
1. **Run the MCP inspector** to test your changes. See [Debugging](#debugging) for run instructions.
### Local Development Setup
For local development:
```bash
cd src/sast_fixer_mcp
uv sync
uv run python -m sast_fixer_mcp --verbose --working-directory /path/to/test/project
```
Run tests:
```bash
uv run pytest
```
Run linting and type checking:
```bash
uv run ruff check
uv run pyright
```
## License
MIT License - see LICENSE file for details.