Connects Claude to the JavaSinkTracer static analysis engine for Java security auditing. Exposes tools to build call graphs, scan for vulnerabilities like SQL injection and RCE, analyze vulnerability chains, and extract method source code. Uses function-level taint analysis instead of variable-level tracking to handle complex scenarios like threading and reflection. You'd reach for this when doing security code reviews of Java projects, especially Spring Boot applications, where you need AI-assisted vulnerability discovery that can trace from dangerous sinks back to external entry points across method boundaries.
claude mcp add --transport stdio zacarx-javasinktracer_mcp uvx javasinktracer_mcp