This is a submission for the GitHub Finish-Up-A-Thon Challenge
What I Built
TridentChain Security — a local-first supply-chain vulnerability scanner that finds known CVEs in your project dependencies, OS packages, and IDE extensions using OSV and NVD advisory data, all running on your machine with no source code uploaded anywhere.
It started life as a personal CLI I built to sanity-check package.json and requirements.txt files before pushing to production. I was tired of pasting lockfiles into web-based scanners and worrying about where that data went. So I wrote my own, scoped it tight, and… let it gather dust for months because it was a "me-only" tool with no integration story.
What changed: AI coding assistants exploded in 2026, and every one of them speaks MCP (Model Context Protocol). I realised the scanner could become a primitive every developer could use directly from Claude, Cursor, VS Code, Windsurf, or Zed — if only it shipped as an MCP server.
So that's what I finished.
Demo
- GitHub: https://github.com/DevInder1/supply-chain-scanner-public
- PyPI (CLI): https://pypi.org/project/tridentchain-security/
- PyPI (MCP): https://pypi.org/project/tridentchain-mcp/0.1.2/
- Official MCP Registry listing: io.github.DevInder1/tridentchain-security at https://registry.modelcontextprotocol.io
- Verify it's live:

```bash
curl "https://registry.modelcontextprotocol.io/v0.1/servers?search=tridentchain"
```


```bash
pip install "tridentchain-security>=0.1.2" "tridentchain-mcp>=0.1.2"
claude mcp add tridentchain -- python3 -m tridentchain_mcp
# Then in Claude: "Scan this workspace for supply-chain vulnerabilities."
```