MCP.so
Sign In
Servers

PCI DSS MCP

@shyshlakov

PCI DSS v4.0.1 static-analysis MCP server for Go payment service codebases. 12 scanners detect PAN/CVV exposure, weak crypto, missing audit logs, vulnerable deps, TLS misconfig, auth weaknesses, plus CycloneDX 1.6 SBOM generation. Each finding maps to the exact PCI requirement. A

Overview

What is PCI DSS MCP?

Static-analysis MCP server that detects PCI DSS v4.0.1 violations in Go payment service codebases. Every finding maps to a specific PCI DSS requirement number. Built for developers, QSAs, and CI gates.

How to use PCI DSS MCP?

Install via Docker (mount your Go source read-only) or go install github.com/shyshlakov/[email protected]. Add the corresponding command to your MCP client configuration (e.g., pci-dss-mcp or the docker run command).

Key features of PCI DSS MCP?

  • PAN/CVV storage, masking, and zeroing detection
  • Weak encryption and hardcoded key checks
  • TLS misconfiguration auditing (cipher, version)
  • Secrets and credentials in configuration detection
  • Missing or unstructured audit log identification
  • Dependency vulnerability scanning via OSV.dev (offline)

Use cases of PCI DSS MCP?

  • Pre-commit scanning for developers writing payment code
  • Pre-assessment scans for Qualified Security Assessors (QSAs)
  • CI/CD pipeline gates to block PCI DSS violations before deploy
  • Automated generation of PCI DSS compliance reports
  • AI-assisted triage of findings for prioritized remediation

FAQ from PCI DSS MCP

Is PCI DSS MCP a replacement for broad SAST or a QSA?

No. It only covers about 6% of PCI DSS v4.0.1 controls. It is not a replacement for Semgrep, CodeQL, gosec for OWASP Top 10, or a Qualified Security Assessor.

How do I install and configure PCI DSS MCP?

Use Docker (ghcr.io/shyshlakov/pci-dss-mcp:v0.6.2) with a bind mount to your Go source, or install via go install. Then add the command to your MCP client config.

What does PCI DSS MCP scan?

It runs 12 scanners over Go source code and configuration files, each mapped to specific PCI DSS requirement numbers (e.g., 3.3.1, 4.2.1, 8.6.2, 10.2

Tags

More from Developer Tools