Submit

Argus: GitLab Repository Analysis and Security Tools

Argus - Repository Analysis and Security Assessment Tool

A powerful Model Context Protocol (MCP) tool for analyzing code repositories, performing security scans, and assessing code quality across multiple programming languages.

Features

  • Multi-Language Support

    • Go: gocyclo, golangci-lint analysis
    • Java: PMD static analysis
    • Python: Pylint, Bandit security checks
    • JavaScript/TypeScript: ESLint analysis
    • Automatic language detection

  • Security Scanning

    • Integrated Trivy vulnerability scanner
    • Comprehensive security reports
    • Support for multiple branches

  • Git Operations

    • Branch enumeration and management
    • Commit history analysis
    • Diff comparisons
    • Repository structure visualization

Installation

Prerequisites

  • Python 3.8+
  • Git
  • libmagic (system dependency)

System Dependencies

macOS
brew install libmagic
Linux (Ubuntu/Debian)
sudo apt-get update
sudo apt-get install -y libmagic1

Installation via uv

uvx argus

Usage

Basic MCP Commands

# Analyze repository structure
analyze_repository_structure(
    repo_url="https://gitlab.com/user/repo",
    gitlab_credentials={"api_key": "your-token"},  # Optional
    branch="main"  # Optional
)

# Perform code quality analysis
analyze_code_quality(
    repo_url="https://gitlab.com/user/repo",
    language="python"  # Optional, will auto-detect if not specified
)

# Security scan
security_scan_repository(
    repo_url="https://gitlab.com/user/repo",
    scan_type="trivy"
)

# Compare changes
compare_git_changes(
    repo_url="https://gitlab.com/user/repo",
    source="feature-branch",
    target="main"
)

# Security scan repository
security_scan_repository(
    repo_url="https://gitlab.com/user/repo",
    scan_type="trivy"
)

### MCP Configuration

```json
{
    "command": "uvx",
    "args": [
        "--from",
        "git+https://github.com/athapong/argus",
        "argus"
    ],
    "alwaysAllow": [
        "get_commit_history",
        "enumerate_branches",
        "compare_git_changes",
        "analyze_code_quality",
        "security_scan_repository"  
    ],
    "timeout": 300
}

Supported Analysis Tools

Language Tools Installation
Go gocyclo, golangci-lint go install github.com/fzipp/gocyclo/cmd/gocyclo@latest
Java PMD macOS: brew install pmd, Linux: Auto-installed
Python Pylint, Bandit Auto-installed via dependencies
JavaScript ESLint npm install -g eslint

Environment Variables

  • SKIP_SYSTEM_CHECK: Set to any value to skip system dependency checks
  • PATH: Automatically updated for tool installations

Error Handling

The tool provides detailed error messages and graceful fallbacks:

  • Dependency installation failures show warnings instead of errors
  • Language detection falls back to specified language if auto-detection fails
  • Tool execution errors are captured in the response structure

License

MIT License

Contributing

  1. Fork the repository
  2. Create your feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a new Pull Request

MCP Server ยท Populars

MCP Server ยท New

    YV17labs

    ghostdesk

    Give any AI agent a full desktop โ€” it sees the screen, clicks, types, and runs apps like a human. Automate anything with a UI: browsers, legacy software, internal tools. No API needed. One Docker command.

    Community YV17labs
    remotebrowser

    mcp

    Free your data

    Community remotebrowser
    Decodo

    Decodo MCP Server

    The Decodo MCP server which enables MCP clients to interface with services.

    Community Decodo
    kuberstar

    Qartez MCP

    Semantic code intelligence MCP server for Claude Code - project maps, symbol search, impact analysis, and more

    Community kuberstar
    aovestdipaperino

    tokensave

    Rust port of CodeGraph โ€” a local-first code intelligence system that builds semantic knowledge graphs from codebases. Ported from the original TypeScript implementation by @colbymchenry.

    Community aovestdipaperino