Skyrxin/sast-mcp-server

Overview

A Python-based MCP server that exposes 11 static and dynamic application security testing scanners through a unified interface. It integrates tools like Bandit, Semgrep, Trivy, CodeQL, Checkov, Gitleaks, and OSV-Scanner to automate security analysis.

Best for

Best for
Developers who want to experiment with MCP-based security scanning across multiple tools

Use cases

• Run multiple SAST/DAST scanners from a single MCP endpoint
• Automate security scanning in CI/CD pipelines
• Aggregate findings from diverse security tools for triage

Notes

A Python-based MCP server that exposes 11 static and dynamic application security testing scanners through a unified interface. It integrates tools like Bandit, Semgrep, Trivy, CodeQL, Checkov, Gitleaks, and OSV-Scanner to automate security analysis.

1 stars on GitHub. Last updated 2026-06-17. Licensed MIT.

Use cases

• Run multiple SAST/DAST scanners from a single MCP endpoint
• Automate security scanning in CI/CD pipelines
• Aggregate findings from diverse security tools for triage

Pros

• Unifies 11 popular security scanners under one protocol
• Reduces integration effort for multi-scanner workflows
• Open source with Python codebase for easy customization

Cons

• Very early stage with only 1 GitHub star
• Limited documentation and community support
• Dependency on external scanners may cause version conflicts

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.