Configuration Reference
Complete configuration guide for Security Scanner MCP.
Configuration Files
.securityscannerrc
Create in project root:
{
"version": "1.0",
"exclude": [
"node_modules/**",
"dist/**",
"build/**",
"*.test.js",
"*.spec.ts"
],
"include": [
"src/**/*.js",
"src/**/*.ts",
"lib/**/*.py"
],
"severity": {
"minLevel": "medium",
"failOn": ["critical", "high"]
},
"rules": {
"secrets": {
"enabled": true,
"patterns": "default"
},
"injection": {
"enabled": true,
"sql": true,
"nosql": true,
"command": true
},
"xss": {
"enabled": true,
"strictMode": false
},
"crypto": {
"enabled": true,
"allowedAlgorithms": ["sha256", "sha512", "bcrypt"]
},
"auth": {
"enabled": true,
"enforceHttpOnly": true,
"enforceSecure": true
},
"path": {
"enabled": true,
"checkTraversal": true
}
},
"output": {
"format": "json",
"verbose": false,
"colors": true
}
}
Package.json Integration
{
"securityScanner": {
"exclude": ["test/**"],
"severity": {
"minLevel": "high"
}
}
}
Rule Configuration
Enable/Disable Rules
{
"rules": {
"secrets": true, // Enable
"injection": false, // Disable
"xss": { // Detailed config
"enabled": true,
"detectInnerHTML": true,
"detectEval": true,
"detectDocumentWrite": false
}
}
}
Custom Severity Levels
{
"severity": {
"minLevel": "medium",
"custom": {
"sql-injection": "critical",
"xss-innerHTML": "high",
"weak-crypto": "medium"
}
}
}
Custom Patterns
{
"customPatterns": {
"secrets": [
{
"name": "Custom API Key",
"pattern": "custom_api_[0-9a-z]{32}",
"severity": "critical"
}
],
"injection": [
{
"name": "GraphQL Injection",
"pattern": "\\$\\{.*query.*\\}",
"severity": "high"
}
]
}
}
Environment Variables
Scanner Configuration
# Verbosity
export SCANNER_VERBOSE=true
export SCANNER_DEBUG=false
# Output format
export SCANNER_OUTPUT=json # json | text | sarif
# Severity filtering
export SCANNER_MIN_SEVERITY=high
# Performance
export SCANNER_PARALLEL=true
export SCANNER_MAX_FILES=1000
Sandbox Configuration
# Docker settings
export SANDBOX_MEMORY=1g
export SANDBOX_CPU=1.0
export SANDBOX_TIMEOUT=60000
# Network
export SANDBOX_NETWORK=none
# Tool versions
export TRIVY_VERSION=0.50.4
export GITLEAKS_VERSION=8.18.4
MCP Server Configuration
Claude Desktop
Edit ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"security-scanner": {
"command": "security-scanner-mcp",
"args": [],
"env": {
"SCANNER_MIN_SEVERITY": "high"
}
}
}
}
Claude Code CLI
claude mcp add --scope project security-scanner \
-- security-scanner-mcp \
--env SCANNER_VERBOSE=true \
--env SCANNER_MIN_SEVERITY=medium
Ignore Patterns
Inline Ignores
// security-scanner-ignore
const apiKey = "test_key_for_development";
// security-scanner-ignore-next-line
const query = `SELECT * FROM ${table}`;
/* security-scanner-disable */
const unsafe = eval(userInput);
/* security-scanner-enable */
File-level Ignores
// security-scanner-disable-file
// This file is excluded from scanning
.securityscannerignore
# Test files
*.test.js
*.spec.ts
# Generated files
**/*.generated.js
# Third-party
vendor/**
Output Configuration
Format Options
{
"output": {
"format": "json", // json | text | sarif | html
"destination": "stdout", // stdout | file
"file": "security-report.json",
"pretty": true,
"includeMetadata": true
}
}
Report Templates
{
"reporting": {
"template": "default", // default | minimal | detailed
"sections": {
"summary": true,
"diagrams": true,
"sarif": true,
"recommendations": true
},
"mermaid": {
"enabled": true,
"theme": "default"
}
}
}
Performance Tuning
Parallel Scanning
{
"performance": {
"parallel": true,
"maxWorkers": 4,
"chunkSize": 100
}
}
Caching
{
"cache": {
"enabled": true,
"ttl": 3600,
"directory": ".scanner-cache"
}
}
Resource Limits
{
"limits": {
"maxFileSize": "10MB",
"maxLines": 10000,
"timeout": 30000
}
}
Integration Settings
CI/CD
{
"ci": {
"failOnError": true,
"failOnSeverity": ["critical", "high"],
"outputFormat": "sarif",
"uploadResults": true
}
}
GitHub Integration
{
"github": {
"enableCodeScanning": true,
"sarifUpload": true,
"annotations": true,
"commentOnPR": false
}
}
Language-Specific Settings
JavaScript/TypeScript
{
"languages": {
"javascript": {
"strictMode": true,
"checkNodeModules": false,
"frameworks": ["react", "vue", "angular"]
},
"typescript": {
"strictMode": true,
"checkTypes": true
}
}
}
Python
{
"languages": {
"python": {
"version": "3.x",
"checkPickle": true,
"checkEval": true
}
}
}
Advanced Configuration
Custom Validators
// custom-validator.js
module.exports = {
validate(code, language) {
// Custom validation logic
return issues;
}
};
{
"customValidators": [
"./custom-validator.js"
]
}
Plugin System
{
"plugins": [
"@security-scanner/plugin-graphql",
"@security-scanner/plugin-kubernetes"
]
}
Configuration Precedence
- CLI arguments (highest priority)
- Environment variables
.securityscannerrcpackage.jsonsecurityScanner field- Default settings (lowest priority)
Examples
Strict Configuration
{
"severity": {
"minLevel": "low",
"failOn": ["critical", "high", "medium"]
},
"rules": {
"*": {
"enabled": true,
"strictMode": true
}
},
"output": {
"verbose": true
}
}
Permissive Configuration
{
"severity": {
"minLevel": "critical",
"failOn": ["critical"]
},
"rules": {
"secrets": true,
"injection": true,
"xss": false,
"crypto": false
}
}
Next Steps
- API Reference - Programmatic configuration
- Integration - CI/CD setup
- Vulnerabilities - Rule details