{"id":35890402,"url":"https://github.com/mobb-dev/bugsy","last_synced_at":"2026-01-15T14:00:42.366Z","repository":{"id":181053334,"uuid":"666125187","full_name":"mobb-dev/bugsy","owner":"mobb-dev","description":"Automatic security vulnerability remediation for your code.","archived":false,"fork":false,"pushed_at":"2026-01-13T21:17:20.000Z","size":4829,"stargazers_count":64,"open_issues_count":1,"forks_count":13,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-13T23:51:22.507Z","etag":null,"topics":["ai","code-assistant","mcp","npm-package","remediation","security","security-tools"],"latest_commit_sha":null,"homepage":"https://mobb.ai","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mobb-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-07-13T19:16:40.000Z","updated_at":"2026-01-13T21:17:24.000Z","dependencies_parsed_at":"2025-12-28T16:06:08.905Z","dependency_job_id":null,"html_url":"https://github.com/mobb-dev/bugsy","commit_stats":{"total_commits":119,"total_committers":3,"mean_commits":"39.666666666666664","dds":0.07563025210084029,"last_synced_commit":"96bfee665c636f71198a1674e3c9cd33dcb4f781"},"previous_names":["mobb-dev/bugsy"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mobb-dev/bugsy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobb-dev%2Fbugsy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobb-dev%2Fbugsy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobb-dev%2Fbugsy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobb-dev%2Fbugsy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mobb-dev","download_url":"https://codeload.github.com/mobb-dev/bugsy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobb-dev%2Fbugsy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28452881,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-15T13:44:33.145Z","status":"ssl_error","status_checked_at":"2026-01-15T13:44:32.843Z","response_time":62,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","code-assistant","mcp","npm-package","remediation","security","security-tools"],"created_at":"2026-01-09T06:00:22.614Z","updated_at":"2026-01-15T14:00:42.358Z","avatar_url":"https://github.com/mobb-dev.png","language":"TypeScript","readme":"# Bugsy\n\nBugsy is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code. It is the community edition version of [Mobb](https://mobb.ai), the first vendor-agnostic automated security vulnerability remediation tool. Bugsy is designed to help developers quickly identify and fix security vulnerabilities in their code.\n\n\u003cimg width=\"1888\" alt=\"Bugsy\" src=\"./img/bugsy2.png\"\u003e\n\n## What is [Mobb](https://mobb.ai)?\n\n[Mobb](https://mobb.ai) is the first vendor-agnostic automatic security vulnerability remediation tool. It ingests SAST results from Checkmarx, CodeQL (GitHub Advanced Security), OpenText Fortify, and Snyk and produces code fixes for developers to review and commit to their code.\n\n## What does Bugsy do?\n\nBugsy has two modes - Scan (no SAST report needed) \u0026 Analyze (the user needs to provide a pre-generated SAST report from one of the supported SAST tools).\n\nScan\n\n- Uses Checkmarx or Snyk CLI tools to run a SAST scan on a given open-source GitHub/GitLab/ADO repo\n- Analyzes the vulnerability report to identify issues that can be remediated automatically\n- Produces the code fixes and redirects the user to the fix report page on the Mobb platform\n\nAnalyze\n\n- Analyzes the a Checkmarx/CodeQL/Fortify/Snyk vulnerability report to identify issues that can be remediated automatically\n- Produces the code fixes and redirects the user to the fix report page on the Mobb platform\n\n## Disclaimer\n\nThis is a community edition version that only analyzes public GitHub repositories. Analyzing private repositories is allowed for a limited amount of time.\nBugsy does not detect any vulnerabilities in your code, it uses findings detected by the SAST tools mentioned above.\n\n## Usage\n\n### Command Line Interface\n\nYou can simply run Bugsy from the command line, using npx:\n\n```shell\nnpx mobbdev\n```\n\nThis will show you Bugsy's usage help:\n\n```shell\nBugsy - Trusted, Automatic Vulnerability Fixer 🕵️‍♂️\n\nUsage:\nmobbdev \u003ccommand\u003e [options]\n\n\nCommands:\n  mobbdev scan     Scan your code for vulnerabilities, get automated fixes right away.\n  mobbdev analyze  Provide a vulnerability report and relevant code repository, get automated fixes right away.\n\nOptions:\n  -h, --help  Show help                                                                                        [boolean]\n\nExamples:\n  mobbdev scan -r https://github.com/WebGoat/WebGoat  Scan an existing repository\n\nMade with ❤️ by Mobb\n```\n\nTo run a new SAST scan on a repo and get fixes, run the **Bugsy Scan** command. Example:\n\n```shell\nnpx mobbdev scan --repo https://github.com/mobb-dev/simple-vulnerable-java-project\n```\n\nTo get fixes for a pre-generated SAST report, run the **Bugsy Analyze** command. Example:\nnpx mobbdev analyze --scan-file sast_results.json --repo https://github.com/mobb-dev/simple-vulnerable-java-project\n\nBugsy will automatically generate a fix for each supported vulnerability identified in the results, and refer the developer to review and commit the fixes to their code.\n\nTo see all the options Bugsy allows, use the Scan or Analyze commands with the -h option:\n\n```shell\nnpx mobbdev scan -h\nnpx mobbdev analyze -h\n```\n\n### Model Context Protocol (MCP) Server\n\nBugsy can also be used as an MCP server, allowing AI assistants like Claude to automatically scan and fix vulnerabilities in your code repositories.\n\n#### Prerequisites\n\n1. **API Key**: You need a Mobb API key to use the MCP server functionality\n   - Sign up at [mobb.ai](https://app.mobb.ai) to get your API key\n   - Set the `API_KEY` environment variable: `export API_KEY=your_api_key_here`\n\n2. **Local Git Repository**: The MCP server analyzes git repositories with uncommitted changes\n   - Make sure your code is in a local git repository\n   - Have some modified, added, or staged files to analyze\n\n#### Installation\n\nRun mobb-mcp from command line:\n\n```shell\nnpx mobbdev mcp\n```\n\n#### Configuration\n\nAdd Mobb MCP to your Cursor MCP client configuration:\n`API_URL` is only required if you are not using https://app.mobb.ai\n\n```json\n{\n  \"mcpServers\": {\n    \"mobb-mcp\": {\n      \"command\": \"npx\",\n      \"args\": [\"mobbdev\", \"mcp\"],\n      \"env\": {\n        \"API_KEY\": \"your_mobb_api_key_here\",\n        \"API_URL\": \"optional__your_mobb_api_url_here\",\n        \"MVS_AUTO_FIX\": \"true\"\n      }\n    }\n  }\n}\n```\n\n**Environment Variables:**\n- `API_KEY`: Your Mobb API key (required)\n- `API_URL`: Custom Mobb API URL (optional, defaults to https://app.mobb.ai)\n- `MVS_AUTO_FIX`: Override auto-fix setting - set to `\"true\"` or `\"false\"` to force enable/disable automatic fix application regardless of user's database setting (optional)\n\n#### Usage\n\nOnce configured, you can use the MCP server through your AI assistant:\n\n1. **Ask Claude to scan for vulnerabilities**:\n   ```\n   run a scan with mobb-mcp\n   ```\n   or\n   ```\n   run fix-vulnerabilities mcp tool\n   ```\n\n2. **The MCP server will**:\n   - Validate the repository path\n   - Check for git changes (modified, added, or staged files)\n   - Upload the changed files for analysis\n   - Generate automated fixes for detected vulnerabilities\n   - Return detailed fix recommendations\n\n#### Available MCP Tools\n\n- **`fix_vulnerabilities`**: Scans the current code changes and returns fixes for potential vulnerabilities\n  - **Parameter**: `path` (string) - The path to the local git repository\n  - **Returns**: Detailed vulnerability fixes with code patches and explanations\n\n#### Example MCP Workflow\n\n1. Make changes to your code\n2. Stage or modify files in git\n3. Ask your AI assistant: \"Can you check my code for security vulnerabilities?\"\n4. The assistant will use the MCP server to analyze your changes\n5. Receive detailed fix recommendations with code patches\n\n#### Troubleshooting\n\n- **\"API_KEY environment variable is not set\"**: Make sure you've set your Mobb API key\n- **\"Path is not a valid git repository\"**: Ensure you're pointing to a valid git repository\n- **\"No changed files found\"**: Make sure you have modified, added, or staged files in your repository\n\n## Using Bugsy as part of a CI/CD pipeline\n\nIf you utilize SAST scans as part of the CI/CD pipeline, Bugsy can be easiy added and provide immediate fix for every issue detected.\nHere is a simple example of a command line that will run Bugsy in your pipeline:\n\n```shell\nnpx mobbdev analyze --ci --scan-file $SAST_RESULTS_FILENAME --repo $CI_PROJECT_URL --ref $CI_COMMIT_REF_NAME --api-key $MOBB_API_KEY\n```\n\n## Contribution\n\nInstall the dependencies and run the tests:\n\n```shell\npnpm install\n\n# or use npm run build:dev to watch for changes\npnpm run build\n\n# or use npm test:watch to watch for changes\npnpm run test\n```\n\n### Debugging\n\nIf you're using VSCode, you can use the `launch.json` file to debug the code. Run the `CLI tests` configuration to continuously run and debug the tests.\n\n## Getting support\n\nIf you need support using Bugsy or just want to share your thoughts and learn more, you are more than welcome to join our [discord server](https://bit.ly/Mobb-discord)\n","funding_links":[],"categories":["Security"],"sub_categories":["Pentesting \u0026 OSINT"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmobb-dev%2Fbugsy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmobb-dev%2Fbugsy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmobb-dev%2Fbugsy/lists"}