
PCI DSS MCP
@shyshlakov
About PCI DSS MCP
PCI DSS v4.0.1 static-analysis MCP server for Go payment service codebases. 12 scanners detect PAN/CVV exposure, weak crypto, missing audit logs, vulnerable deps, TLS misconfig, auth weaknesses, plus CycloneDX 1.6 SBOM generation. Each finding maps to the exact PCI requirement. A
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"pci-dss-mcp": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--mount",
"type=bind,src=/path/to/your/go/src,dst=/path/to/your/go/src,readonly",
"ghcr.io/shyshlakov/pci-dss-mcp:v0.6.2"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is PCI DSS MCP?
Static-analysis MCP server that detects PCI DSS v4.0.1 violations in Go payment service codebases. Every finding maps to a specific PCI DSS requirement number. Built for developers, QSAs, and CI gates.
How to use PCI DSS MCP?
Install via Docker (mount your Go source read-only) or go install github.com/shyshlakov/[email protected]. Add the corresponding command to your MCP client configuration (e.g., pci-dss-mcp or the docker run command).
Key features of PCI DSS MCP?
- PAN/CVV storage, masking, and zeroing detection
- Weak encryption and hardcoded key checks
- TLS misconfiguration auditing (cipher, version)
- Secrets and credentials in configuration detection
- Missing or unstructured audit log identification
- Dependency vulnerability scanning via OSV.dev (offline)
Use cases of PCI DSS MCP?
- Pre-commit scanning for developers writing payment code
- Pre-assessment scans for Qualified Security Assessors (QSAs)
- CI/CD pipeline gates to block PCI DSS violations before deploy
- Automated generation of PCI DSS compliance reports
- AI-assisted triage of findings for prioritized remediation
FAQ from PCI DSS MCP
Is PCI DSS MCP a replacement for broad SAST or a QSA?
No. It only covers about 6% of PCI DSS v4.0.1 controls. It is not a replacement for Semgrep, CodeQL, gosec for OWASP Top 10, or a Qualified Security Assessor.
How do I install and configure PCI DSS MCP?
Use Docker (ghcr.io/shyshlakov/pci-dss-mcp:v0.6.2) with a bind mount to your Go source, or install via go install. Then add the command to your MCP client config.
What does PCI DSS MCP scan?
It runs 12 scanners over Go source code and configuration files, each mapped to specific PCI DSS requirement numbers (e.g., 3.3.1, 4.2.1, 8.6.2, 10.2
More Developer Tools MCP servers
MCP Inspector
modelcontextprotocolVisual testing tool for MCP servers

Sentry
modelcontextprotocolModel Context Protocol Servers
MCP Containers
metorialConnect any AI model to 1200+ integrations (MCP, CLI, API)
nuxt-mcp / vite-plugin-mcp
antfuMCP server helping models to understand your Vite/Nuxt app better.
Code Index MCP
johnhuang316A Model Context Protocol (MCP) server that helps large language models index, search, and analyze code repositories with minimal setup
Comments