
PCI DSS MCP
@shyshlakov
About PCI DSS MCP
PCI DSS v4.0.1 static-analysis MCP server for Go payment service codebases. 12 scanners detect PAN/CVV exposure, weak crypto, missing audit logs, vulnerable deps, TLS misconfig, auth weaknesses, plus CycloneDX 1.6 SBOM generation. Each finding maps to the exact PCI requirement. A
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"pci-dss-mcp": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--mount",
"type=bind,src=/path/to/your/go/src,dst=/path/to/your/go/src,readonly",
"ghcr.io/shyshlakov/pci-dss-mcp:v0.6.2"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is PCI DSS MCP?
Static-analysis MCP server that detects PCI DSS v4.0.1 violations in Go payment service codebases. Every finding maps to a specific PCI DSS requirement number. Built for developers, QSAs, and CI gates.
How to use PCI DSS MCP?
Install via Docker (mount your Go source read-only) or go install github.com/shyshlakov/[email protected]. Add the corresponding command to your MCP client configuration (e.g., pci-dss-mcp or the docker run command).
Key features of PCI DSS MCP?
- PAN/CVV storage, masking, and zeroing detection
- Weak encryption and hardcoded key checks
- TLS misconfiguration auditing (cipher, version)
- Secrets and credentials in configuration detection
- Missing or unstructured audit log identification
- Dependency vulnerability scanning via OSV.dev (offline)
Use cases of PCI DSS MCP?
- Pre-commit scanning for developers writing payment code
- Pre-assessment scans for Qualified Security Assessors (QSAs)
- CI/CD pipeline gates to block PCI DSS violations before deploy
- Automated generation of PCI DSS compliance reports
- AI-assisted triage of findings for prioritized remediation
FAQ from PCI DSS MCP
Is PCI DSS MCP a replacement for broad SAST or a QSA?
No. It only covers about 6% of PCI DSS v4.0.1 controls. It is not a replacement for Semgrep, CodeQL, gosec for OWASP Top 10, or a Qualified Security Assessor.
How do I install and configure PCI DSS MCP?
Use Docker (ghcr.io/shyshlakov/pci-dss-mcp:v0.6.2) with a bind mount to your Go source, or install via go install. Then add the command to your MCP client config.
What does PCI DSS MCP scan?
It runs 12 scanners over Go source code and configuration files, each mapped to specific PCI DSS requirement numbers (e.g., 3.3.1, 4.2.1, 8.6.2, 10.2
More Developer Tools MCP servers
Stakpak Agent CLI
stakpakShip your code, on autopilot. An open source agent that lives on your machines 24/7 and keeps your apps running. 🦀
MCP Containers
metorialConnect any AI model to 1200+ integrations (MCP, CLI, API)
OpenSumi
opensumiA framework helps you quickly build AI Native IDE products. MCP Client, supports Model Context Protocol (MCP) tools via MCP server.
test
harlancA simple,high performance and secure live media server in pure Rust (RTMP[cluster]/RTSP/WebRTC[whip/whep]/HTTP-FLV/HLS).🦀
MCP-Scan: An MCP Security Scanner
invariantlabs-aiSecurity scanner for AI agents, MCP servers and agent skills.
Comments