You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Remote http/sse servers have no source files or Docker container, so every
bundled (Docker-image) scanner prefails on image availability and the engine
reports "all scanners failed" / "No Source Available" with Risk 0 — even though
the connected server's tool descriptions/schemas are available and should still
get a Tool-Poisoning-Attack scan.
Add a built-in, Docker-less scanner `tpa-descriptions` that runs in-process for
any connected server:
- ScannerPlugin gains an InProcess flag; such scanners seed as "installed"
(always on) and skip the Docker image-availability gate.
- The engine branches to runInProcessScanner, which reads the exported
tools.json and runs description/schema heuristics (hidden instructions,
prompt-injection phrasing, data-exfiltration hints) plus embedded-secret
detection via the existing security.Detector.
- The description scan is a Pass-1 concern; Pass-2 (supply chain audit) skips it.
Result: a remote server with no source still produces a real description-based
TPA scan + risk score that COMPLETES, instead of the dead-end.
Related MCP-2082
trivy-mcp Trivy Vulnerability... Aqua Security available source, container_image
58
59
```
59
60
61
+
> `tpa-descriptions` is a built-in, **Docker-less** scanner and is `installed` (always on) out of the box — there is no image to pull. It analyzes a connected server's tool descriptions/schemas in-process, so it runs even for **remote `http`/`sse` servers** that have no source files or Docker container.
MCPProxy ships with a bundled registry of 7 scanners. The bundled list lives in [`internal/security/scanner/registry_bundled.go`](https://github.com/smart-mcp-proxy/mcpproxy-go/blob/main/internal/security/scanner/registry_bundled.go).
111
+
MCPProxy ships with a bundled registry of 8 scanners. The bundled list lives in [`internal/security/scanner/registry_bundled.go`](https://github.com/smart-mcp-proxy/mcpproxy-go/blob/main/internal/security/scanner/registry_bundled.go).
|`ramparts`| Javelin | source | — | Rust-based YARA scanner. *(Known upstream issue on arm64 macOS — see [Scanner Images](/features/scanner-images).)*|
117
120
|`semgrep-mcp`| Semgrep | source | — | Static analysis with MCP-specific rules. Uses the upstream `returntocorp/semgrep:latest` image. |
121
+
|`tpa-descriptions`| MCPProxy | source | — |**Built-in, Docker-less, always on.** In-process analysis of tool descriptions/schemas for Tool-Poisoning-Attack indicators (hidden instructions, prompt-injection phrasing, data-exfiltration hints) and embedded secrets. Runs for any connected server — including remote `http`/`sse` servers with no source or Docker. |
118
122
|`trivy-mcp`| Aqua Security | source, container_image | — | Filesystem + CVE scan. Uses the upstream `ghcr.io/aquasecurity/trivy:latest` image. |
119
123
120
124
See [Scanner Images](/features/scanner-images) for the image sources and why vendor images are preferred over custom wrappers.
0 commit comments