🛡️ Security evaluation for software packages with Claude Desktop integration
The OpenSSF Security Evaluator is a FastMCP server that provides comprehensive security analysis for software packages across multiple ecosystems. It integrates seamlessly with Claude Desktop to provide AI-powered security evaluation capabilities.
- Vulnerability Scanning - Real-time vulnerability detection via OSV.dev
- Supply Chain Protection - Typosquatting and malicious package detection
- Version-Specific Analysis - Evaluate specific package versions
- Risk Scoring - 0-100 security scoring system
- GitHub Security Analysis - Repository health and maintenance metrics
- npm (JavaScript/Node.js) - ✅ Full support
- PyPI (Python) - ✅ Full support
- Cargo (Rust) - ✅ Full support
- Maven (Java) - ✅ Full support
- NuGet (.NET) - ✅ Full support
- RubyGems (Ruby) - ✅ Full support
- Go Modules - 🟡 Basic support
- Enhanced Ranking - Multi-factor compatibility scoring
- Curated Alternatives - AI-picked alternatives for popular packages
- License Compatibility - Automatic license checking
- Python 3.8 or higher
- Claude Desktop application
```bash
# Create project directory
mkdir openssf-evaluator
cd openssf-evaluator
# Download the files (or clone if using git)
# Place evaluator.py, requirements.txt, openssf_config.ini in this directory
```