#sast
All
JADX-AI-MCP (Part of Zin MCP Suite)
zinja-coder
Plugin for JADX to integrate MCP server
SonarQube
SonarSource
Official SonarQube MCP Server for code quality and security in AI agents
Mcp Semgrep Scanner
archimedes-market
Curated by Archimedes Market. Static security analysis exposed as MCP tools. OWASP top 10, secrets detection, custom rule packs. Baseline scanning focuses on newly-introduced findings. Built for production-grade security review. → archimedes.market/assets/21c4a8ab-80dc-4a69-8444-
GuardVibe — Security MCP for Vibe Coding
goklab
Security MCP server with 300+ rules for AI-generated code. Scans Next.js, Supabase, Clerk, Stripe, Prisma, Hono, GraphQL, and 20+ modules. Zero config, runs locally.
Zfuzz
Zfuzz-dev
Real security scanners for AI coding agents: SAST (441 rules), secret detection (419+ patterns), dependency CVEs, MCP/skill vetting, MITRE ATT&CK. Real scanners,
Twira
TwiraHQ
Coding power tools for AI agents. 18 deterministic MCP tools: code-graph search, SAST, blast radius, wire-level PII redaction, signed audit chain. Works with Claude Code, Codex, Gemini, Cursor. Free tier on install.
Heimdall — Mcp Security Scanner
caglarbozkurt
Security scanner for MCP servers — vet an MCP before you wire it into an agent. Detects prompt-injection, credential exfiltration (via taint analysis), RCE, and supply-chain risks, and catches cross-server exfil chains no single server reveals. Zero-dependency local CLI, SARIF ou
Cycode
cycodehq
Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning
Skylos
duriantaco
Dead code detection, security scanning, and code quality analysis for Python, TypeScript, and Go. 98% recall with 3x fewer false positives than Vulture. 5 tools: analyze, security_scan, quality_check, secrets_scan, remediate. AI-powered auto-fix agent.
Code Pathfinder
shivasurya
Code Pathfinder's MCP Server provides AI coding assistants like Claude Code with deep semantic understanding of codebases through call graph analysis, symbol search, and dependency tracking. It enables developers to ask natural language questions like "who calls this function?" i