medusa

MEDUSA is an AI-first security scanner with 4,000+ detection patterns designed to analyze codebases, AI/ML components, MCP servers, and related tooling for vulnerabilities. As an MCP server, Medusa exposes its scanning capabilities via the medusa CLI, which can be invoked through the Python module interface. You can run scans against a project directory to generate JSON, HTML, Markdown, or SARIF reports, and you can enable optional model scans or external linters to widen coverage. Typical usage involves installing MEDUSA, then invoking the medusa scanner against your codebase or MCP server artifacts to identify security issues, misconfigurations, and known CVE patterns.

Prerequisites:

• Python 3.10 or newer (per MEDUSA requirements)
• pip (comes with Python)

Install MEDUSA and run your first scan:

# Install MEDUSA (global or in a virtual env)
pip install medusa-security

# Run a scan on the current directory
medusa scan .

Optional virtual environment (recommended):

python3 -m venv medusa-env
source medusa-env/bin/activate  # On Windows: medusa-env\Scripts\activate
pip install medusa-security
medusa scan .

Platform notes:

• Windows users may need to use py -m medusa when the medusa command is not found.
• If you prefer to run as a module explicitly, you can invoke via: python -m medusa scan .

Tips and notes:

• MEDUSA provides multiple report formats (JSON, HTML, Markdown, SARIF). Use --format all to generate all outputs in one go.
• External linters (bandit, eslint, shellcheck) are auto-detected if installed; they extend coverage but are optional.
• For large projects, consider using a virtual environment to isolate dependencies.
• If MEDUSA flags issues that you believe are false positives, you can adjust precision via pattern tuning and the YAML configuration (.medusa.yml) in your project.
• On MCP deployments, you can pass MEDUSA_CONFIG to customize scanning behavior or point to a specific config file.