The latest articles on DEV Community by INDERPREET THIARA (@inderpreet_thiara_90072c0). https://dev.to/inderpreet_thiara_90072c0 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2326059%2F5945638f-9de9-4086-bc96-e55d1c89461c.jpg https://dev.to/inderpreet_thiara_90072c0 en INDERPREET THIARA Sun, 24 May 2026 12:27:10 +0000 https://dev.to/inderpreet_thiara_90072c0/tridentchain-security-3dh6 https://dev.to/inderpreet_thiara_90072c0/tridentchain-security-3dh6 <p><em>This is a submission for the <a href="https://dev.to/challenges/github-2026-05-21">GitHub Finish-Up-A-Thon Challenge</a></em></p> <h2> What I Built </h2> <p><strong>TridentChain Security</strong> — a local-first supply-chain vulnerability scanner that finds known CVEs in your project dependencies, OS packages, and IDE extensions using <strong>OSV</strong> and <strong>NVD</strong> advisory data, all running on your machine with no source code uploaded anywhere.</p> <p>It started life as a personal CLI I built to sanity-check <code>package.json</code> and <code>requirements.txt</code> files before pushing to production. I was tired of pasting lockfiles into web-based scanners and worrying about where that data went. So I wrote my own, scoped it tight, and… let it gather dust for months because it was a "me-only" tool with no integration story.</p> <p>What changed: AI coding assistants exploded in 2026, and every one of them speaks <strong>MCP</strong> (Model Context Protocol). I realised the scanner could become a <em>primitive</em> every developer could use directly from Claude, Cursor, VS Code, Windsurf, or Zed — if only it shipped as an MCP server.</p> <p>So that's what I finished.</p> <h2> Demo </h2> <ul> <li> <strong>GitHub:</strong> <a href="https://github.com/DevInder1/supply-chain-scanner-public" rel="noopener noreferrer">https://github.com/DevInder1/supply-chain-scanner-public</a> </li> <li> <strong>PyPI (CLI):</strong> <a href="https://pypi.org/project/tridentchain-security/" rel="noopener noreferrer">https://pypi.org/project/tridentchain-security/</a> </li> <li> <strong>PyPI (MCP):</strong> <a href="https://pypi.org/project/tridentchain-mcp/0.1.2/" rel="noopener noreferrer">https://pypi.org/project/tridentchain-mcp/0.1.2/</a> </li> <li> <strong>Official MCP Registry listing:</strong> <code>io.github.DevInder1/tridentchain-security</code> at <a href="https://registry.modelcontextprotocol.io" rel="noopener noreferrer">https://registry.modelcontextprotocol.io</a> </li> <li><strong>Verify it's live:</strong></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> bash curl "https://registry.modelcontextprotocol.io/v0.1/servers?search=tridentchain"   pip install "tridentchain-security&gt;=0.1.2" "tridentchain-mcp&gt;=0.1.2" claude mcp add tridentchain -- python3 -m tridentchain_mcp # Then in Claude: "Scan this workspace for supply-chain vulnerabilities." </code></pre> </div> devchallenge githubchallenge