Runs local vulnerability scans against your project dependencies, IDE extensions, and dev tools without uploading anything. Pulls from OSV, NVD, GHSA, and Sonatype, then prioritizes findings using KEV and EPSS. Works out of the box with no API keys, though you can add GitHub and NVD tokens for deeper coverage. Exposes scan operations through MCP that let Claude analyze your package.json, requirements.txt, or installed VS Code extensions and return CVE reports with severity scores. Useful when you want supply chain security checks embedded in your editor workflow rather than a separate CI step. Supports offline mode if you need to scan without network access.
Local-first vulnerability scanner for project dependencies, developer tools, and IDE extensions.
Uses multi-source intelligence (OSV, NVD, GHSA, Sonatype) with KEV/EPSS prioritization.
No API key required for default usage.
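The KEV/EPSS prioritization mentioned above ranks a finding by whether it is on the CISA Known Exploited Vulnerabilities list and by its EPSS exploitation probability, rather than by CVSS alone. The following is an added example of that ranking logic, not code from the tridentchain-security project; the finding records, the KEV set, the EPSS values and the CVE identifiers (fictional `CVE-2099-*` ids) are all constructed inline, and the field names `cve`, `package`, `cvss`, `epss` and `in_kev` are assumptions, not the scanner's output schema.

```python
"""Rank constructed vulnerability findings by KEV membership, then EPSS, then CVSS.

Added example, not the scanner's own code. All data below is constructed for
illustration; the CVE ids are fictional and the field names are assumptions.
"""
from dataclasses import dataclass

# Constructed stand-in for the CISA KEV feed (a real run would load the KEV JSON).
KEV_IDS = {"CVE-2099-0001", "CVE-2099-0003"}

# Constructed stand-in for EPSS scores: probability of exploitation in 30 days, 0..1.
EPSS_SCORES = {
    "CVE-2099-0001": 0.975,
    "CVE-2099-0002": 0.620,
    "CVE-2099-0003": 0.021,
    "CVE-2099-0004": 0.003,
}

# Above this EPSS value a non-KEV finding is treated as likely to be exploited.
EPSS_HIGH = 0.10


@dataclass(frozen=True)
class Finding:
    cve: str
    package: str
    cvss: float            # CVSS base score 0..10 as reported by the advisory source
    epss: float = 0.0      # filled in by enrich()
    in_kev: bool = False   # filled in by enrich()


def enrich(f: Finding, kev_ids=KEV_IDS, epss=EPSS_SCORES) -> Finding:
    """Attach KEV membership and EPSS probability; unknown CVEs get EPSS 0.0."""
    return Finding(f.cve, f.package, f.cvss, epss.get(f.cve, 0.0), f.cve in kev_ids)


def tier(f: Finding) -> str:
    """P1: on KEV. P2: EPSS above threshold. P3: high CVSS only. P4: everything else."""
    if f.in_kev:
        return "P1"
    if f.epss >= EPSS_HIGH:
        return "P2"
    if f.cvss >= 7.0:
        return "P3"
    return "P4"


def prioritize(findings):
    """Enrich each finding, then order by tier, EPSS descending, CVSS descending."""
    enriched = [enrich(f) for f in findings]
    return sorted(enriched, key=lambda f: (tier(f), -f.epss, -f.cvss))


# Constructed raw findings, as a scanner might report them before enrichment.
RAW_FINDINGS = [
    Finding("CVE-2099-0004", "left-pad", 9.8),      # critical CVSS, negligible EPSS
    Finding("CVE-2099-0002", "some-parser", 6.5),   # medium CVSS, high EPSS
    Finding("CVE-2099-0003", "curl", 9.8),          # on KEV
    Finding("CVE-2099-0001", "log4j-core", 10.0),   # on KEV, near-certain exploitation
]

if __name__ == "__main__":
    for f in prioritize(RAW_FINDINGS):
        print(f"{tier(f)} {f.cve}  {f.package:12} cvss={f.cvss:4}  "
              f"epss={f.epss:.3f}  kev={f.in_kev}")
```

The point the ordering makes: the CVSS 9.8 finding with negligible EPSS lands below a CVSS 6.5 finding with a high EPSS, because the tiering asks "is this being exploited?" before "how bad would it be?". A CVE missing from the EPSS feed defaults to 0.0 and so is ranked only by KEV membership and CVSS; treat that as "unknown", not "safe", when triaging.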
Public repo: https://github.com/DevInder1/supply-chain-scanner-public
```sh
pip3 install tridentchain-security
npm install -g @tridentchain/security-cli
tridentchain-security --help
```
Agents & MCP (Claude, Cursor, VS Code):

```sh
pip3 install "tridentchain-security>=0.1.1" tridentchain-mcp
```
What you can do: docs/CAPABILITIES.md
Full guide: docs/INSTALL_AND_USE.md
Cross-platform (macOS / Linux / Windows): docs/CROSS_PLATFORM.md
(PyPI: tridentchain-security · npm: @tridentchain/security-cli)
CLI:

```sh
tridentchain-security --scan all --project-path . --output-dir scanner-output
```

Python API:

```python
from scanner import run_scan

# Full scan of the current project; the default profile needs no API key.
summary = run_scan(
    project_path=".",
    scan="all",
    run_profile="full",  # no API key required
    output_dir="scanner-output",
)
print(summary["summary"])
```
| Profile | Description |
|---|---|
| `full` (default) | Project + system + extensions. OSV + NVD without keys. |
| `quick` | Faster project-focused scan. |
| `offline` | Local advisory DB only, no network. |
| Power-user | Add `GITHUB_TOKEN`, `NVD_API_KEY`, and optionally `SONATYPE_TOKEN` for best coverage. |
No repo clone required if the pip package is installed:

```sh
pip3 install tridentchain-security
```

Desktop app (from a repo checkout):

```sh
cd apps/desktop && npm install && npm run start
```

See apps/desktop/README.md and docs/DISTRIBUTION_VERIFICATION.md.
One install, every agent:

```sh
pip install "tridentchain-security>=0.1.2" tridentchain-mcp
```
| Guide | Description |
|---|---|
| Agent integrations | Claude · OpenAI · Cursor · VS Code · Windsurf · Zed · MCP · CLI |
| Capabilities | Everything you can do today |
| Architecture | MCP + unified tools design |
```sh
./scripts/setup-agent-mcp.sh cursor   # prints setup for your agent
```

- Phase 2 — Claude MCP: `pip install tridentchain-mcp` · Setup guide · Plugin
- Phase 3 — OpenAI + Cursor: examples/openai/ · Cursor setup · .cursor/mcp.json.example
- Phase 4 — VS Code (Anthropic MCP): Open repo → MCP ready · VS Code setup · ./scripts/vscode-mcp-install-link.sh · extension
- Phase 5 — Validate: `tridentchain-security --validate` · MCP `validate_after_patch` · CAPABILITIES.md

Unified tool layer:

```python
from scanner.integrations import execute_tool, get_tool_definitions, to_openai_tools
```
```sh
git clone https://github.com/DevInder1/supply-chain-scanner-public.git
cd supply-chain-scanner-public
python3 -m pip install -e .
tridentchain-security --help
python3 -m unittest scanner.tests.test_matcher_ranges -v
```
Install & use: docs/INSTALL_AND_USE.md
Cross-platform: docs/CROSS_PLATFORM.md
CLI contract: docs/cli-contract.md
Publishing: docs/PUBLISHING.md
| Variable | Purpose |
|---|---|
| `NVD_API_KEY` | Higher NVD rate limits |
| `GITHUB_TOKEN` | GHSA advisories |
| `SONATYPE_TOKEN` | Sonatype Guide advisories |

Set these in `.env` or as environment variables.
MIT — see LICENSE