# Trust

Detect live website vulnerabilities and security flaws in GitHub repositories using automated DAST and SAST scanning. Safeguard applications by identifying exposed secrets, insecure dependencies, and…

## Quick Start

```bash
# Connect this server (installs CLI if needed)
npx -y smithery mcp add trust-security/scanner

# Browse available tools
npx -y smithery tool list trust-security/scanner

# Get full schema for a tool
npx -y smithery tool get trust-security/scanner scan_and_wait

# Call a tool
npx -y smithery tool call trust-security/scanner scan_and_wait '{}'
```

## Direct MCP Connection

Endpoint: `https://scanner--trust-security.run.tools`

**Optional config:**
- `backendUrl` (query) — Trust Security backend API URL. Uses the default hosted backend if not provided.
- `scanTimeout` (query) — Maximum time, in seconds, to wait for scan results.

## Tools (9)

- `scan_and_wait`
- `scan_url`
- `get_scan_result`
- `scan_repo_and_wait`
- `scan_repo`
- `get_repo_scan_result`
- `get_fix_plan`
- `analyze_code_security`
- `check_secrets`

```bash
# Get full input/output schema for a tool
npx -y smithery tool get trust-security/scanner <tool-name>
```

## Resources

- `trust://scans/latest` — Most recent scan result with score, grade, and vulnerability summary.
- `trust://scans/history` — Recent scan history (last 10 scans) with targets, scores, and grades.
- `trust://security/posture` — Aggregated security posture: average score, trend, common vulnerability types.

## Prompts (3)

- `security_audit` — Comprehensive security audit of a website or GitHub repo
- `fix_vulnerabilities` — Generate fix code for discovered vulnerabilities
- `code_review` — Review code for security vulnerabilities and exposed secrets
