sercha-core

mcp
Security Audit
Warn
Health Warn
  • License — License: Apache-2.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 7 GitHub stars
Code Pass
  • Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This platform provides unified, self-hosted search across an organization's shared data sources, such as Google Drive, GitHub, and Confluence. It is designed to be deployed on your own infrastructure to keep internal data private.

Security Assessment
Overall Risk: Medium. Because this tool is designed to aggregate organizational data, it inherently interacts with highly sensitive information and requires strict OAuth2 permissions to access third-party SaaS applications. The automated code scan (12 files) found no dangerous patterns, hardcoded secrets, or malicious network requests, and the tool does not request unsafe local permissions. However, the platform relies on Docker containers, OpenSearch, and database integrations, which require careful environment configuration to ensure data remains secure.

Quality Assessment
The project is actively maintained, with repository activity as recent as today. It is released under the standard Apache-2.0 license and includes comprehensive documentation, an API reference, and active CI pipelines. The primary concern is its low community visibility; with only 7 GitHub stars, the tool is very new and has not yet been tested at scale by a broad user base. While the developers provide a Discord channel and clear contributing guidelines, community trust is currently limited.

Verdict
Use with caution—the code itself appears clean and safe, but its newness and deep access to sensitive corporate data warrant a thorough internal security review before deploying to a production environment.
SUMMARY

Sercha Core is a self-hosted, team-wide search platform for shared organisational data.

README.md

Sercha

Self-hosted search across all your team's tools.

Sercha Core connects your team's data sources - GitHub, Google Drive, Notion, Confluence, and more - and provides unified search across all of them. Self-hosted, so your data stays on your infrastructure.

Features

  • Connectors - GitHub and LocalFS today, with 12+ more planned
  • BM25 search - Full-text search powered by OpenSearch
  • Semantic search - Vector search with pgvector and configurable embedding models
  • OAuth2 - Connect data sources securely, with JWT session management
  • REST API - Full OpenAPI spec with Swagger UI
  • Admin UI - Web interface for managing sources, connections, and search

Quick Start

Requires Docker and 4GB RAM.

git clone https://github.com/sercha-oss/sercha-core.git
cd sercha-core/examples/quickstart
docker compose --profile ui up -d

API available at http://localhost:8080, Admin UI at http://localhost:3000.

See the Quickstart Guide for the full walkthrough.

Development

cd examples/dev
docker compose up -d --build    # API at localhost:8080

cd ui
npm install && npm run dev      # UI at localhost:3000

See examples/dev/ and CONTRIBUTING.md for details.

Contributing

See CONTRIBUTING.md for development setup and guidelines, and SECURITY.md for reporting vulnerabilities.

License

Apache 2.0 - see LICENSE.
