Real security scanners for AI coding agents: SAST (441 rules), secret detection (419+ patterns), dependency CVEs, MCP/skill vetting, MITRE ATT&CK. Real scanners, not the model guessing. Rust, Apache-2.0, free.

Server Config
{
  "mcpServers": {
    "zfuzz": {
      "command": "npx",
      "args": [
        "-y",
        "@zfuzz/mcp"
      ]
    }
  }
}