Add security audit tool (MCP + CLI) by villelaitila · Pull Request #21 · softagram/sgraph-mcp-server

villelaitila · 2026-03-21T06:25:10Z

Summary

New SecurityService that traverses an sgraph model and collects security data across 6 dimensions: secrets, vulnerabilities, EOL/outdated, risk levels, Backstage metadata, and bus factor
New sgraph_security_audit MCP tool in the claude-code profile — returns structured JSON for AI agents
New security_report_cli.py CLI — generates markdown reports for humans
Non-code files (XML, JSON, YAML, etc.) excluded from bus factor analysis
38 unit tests, all passing
Full documentation with examples in SGRAPH_FOR_CLAUDE_CODE.md

Security dimensions

Dimension	What it finds
secrets	API keys, tokens, national IDs committed to code
vulnerabilities	Known CVEs in dependencies, by severity
outdated	End-of-life frameworks, approaching-EOL packages
risk	Code quality metrics (Softagram Index 0-100)
backstage	Service catalog: owners, lifecycle, public exposure
bus_factor	Single-author critical files, low-author repos

Files

src/services/security_service.py — core audit logic (single traversal, iterative)
src/services/__init__.py — updated exports
src/tools/security_report_cli.py — CLI entry point
src/profiles/claude_code.py — MCP tool registration
tests/unit/test_security_service.py — 38 unit tests
SGRAPH_FOR_CLAUDE_CODE.md, README.md, CLAUDE.md — documentation

Test plan

Unit tests: 38 tests covering all 6 dimensions, scope filtering, top_n limiting, empty models, non-code file exclusion
CLI smoke test with real model (arkkikaluste-odoo)
MCP tool tested live via Claude Code session

Traverses sgraph model collecting secrets, vulnerabilities, outdated dependencies, risk metrics, backstage metadata, and bus factor data. 35 unit tests with synthetic models cover all dimensions.

villelaitila added 7 commits March 21, 2026 07:43

Add SecurityService with 6 security audit dimensions

3af71db

Traverses sgraph model collecting secrets, vulnerabilities, outdated dependencies, risk metrics, backstage metadata, and bus factor data. 35 unit tests with synthetic models cover all dimensions.

feat: export SecurityService from services package

f15ce4d

test: add top_n limiting tests for SecurityService

84fe24f

feat: add security report CLI tool

615da0f

feat: add sgraph_security_audit MCP tool to claude-code profile

5729a6d

fix: exclude non-code files (xml, json, etc.) from bus factor analysis

214d9d2

docs: add sgraph_security_audit tool documentation with examples

2a45f1b

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add security audit tool (MCP + CLI)#21

Add security audit tool (MCP + CLI)#21
villelaitila wants to merge 7 commits intosoftagram:mainfrom
villelaitila:feature/security-audit-tool

villelaitila commented Mar 21, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

villelaitila commented Mar 21, 2026

Summary

Security dimensions

Files

Test plan

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant