Reference

| Flag | Description |
|---|---|
| `--strict` / `-s` | Fail on any security issue |
| `--min-score N` | Set minimum passing score (default: 70) |
| `--json` / `-j` | Output results as JSON |
| `--format {text,json,sarif}` | Output format (default: text) |
| `--compact-json` | Emit single-line JSON (~50% smaller) |
| `--stream` | Stream JSON incrementally (low memory) |
| `--jobs N` | Number of parallel scanning threads (default: 1) |
| `--plugin-dir DIR` | Load custom rule plugins from directory |
| `--output-schema` | Print the JSON output schema and exit |
| `--verbose` / `-v` | Show all remarks and details |
| `--no-color` | Disable colored output |
| `--include-optional` | Include optional enterprise checks |
| (positional) | One or more tool definition files, globs, or `-` for stdin |

| Exit code | Meaning |
|---|---|
| 0 | All tools passed |
| 1 | One or more tools failed |
| 2 | Error loading files |

| Import | Purpose |
|---|---|
| `from tool_scan import grade_tool` | Quick single-tool grading |
| `from tool_scan import MCPToolGrader` | Batch grading with custom config |
| `from tool_scan import SecurityScanner` | Security-only scanning |
| `from tool_scan import ComplianceChecker` | MCP spec compliance checking |
| `from tool_scan import PluginRegistry` | Plugin loading and management |
| `from tool_scan.plugins import SecurityRulePlugin` | Base class for security rules |
| `from tool_scan.plugins import ComplianceRulePlugin` | Base class for compliance rules |
| `from tool_scan.plugins import QualityRulePlugin` | Base class for quality validators |
| `from tool_scan.sarif import grade_reports_to_sarif` | SARIF output generation |

| Score component | Weight |
|---|---|
| Security | 40% |
| Compliance | 35% |
| Quality | 25% |

| Severity level | Color | Action |
|---|---|---|
| Critical | Red | Blocks in strict mode, caps grade at F |
| High | Orange | Blocks in strict mode |
| Medium | Yellow | Blocks only with `fail_on_medium=True` |
| Low | Blue | Informational, minor deduction (5 points) |