MCP.so
登录

PCI DSS MCP

@shyshlakov

关于 PCI DSS MCP

PCI DSS v4.0.1 static-analysis MCP server for Go payment service codebases. 12 scanners detect PAN/CVV exposure, weak crypto, missing audit logs, vulnerable deps, TLS misconfig, auth weaknesses, plus CycloneDX 1.6 SBOM generation. Each finding maps to the exact PCI requirement. A

基本信息

分类

开发工具

传输方式

stdio

发布者

shyshlakov

提交者

Oleksandr

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "pci-dss-mcp": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "--mount",
        "type=bind,src=/path/to/your/go/src,dst=/path/to/your/go/src,readonly",
        "ghcr.io/shyshlakov/pci-dss-mcp:v0.6.2"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is PCI DSS MCP?

Static-analysis MCP server that detects PCI DSS v4.0.1 violations in Go payment service codebases. Every finding maps to a specific PCI DSS requirement number. Built for developers, QSAs, and CI gates.

How to use PCI DSS MCP?

Install via Docker (mount your Go source read-only) or go install github.com/shyshlakov/[email protected]. Add the corresponding command to your MCP client configuration (e.g., pci-dss-mcp or the docker run command).

Key features of PCI DSS MCP?

  • PAN/CVV storage, masking, and zeroing detection
  • Weak encryption and hardcoded key checks
  • TLS misconfiguration auditing (cipher, version)
  • Secrets and credentials in configuration detection
  • Missing or unstructured audit log identification
  • Dependency vulnerability scanning via OSV.dev (offline)

Use cases of PCI DSS MCP?

  • Pre-commit scanning for developers writing payment code
  • Pre-assessment scans for Qualified Security Assessors (QSAs)
  • CI/CD pipeline gates to block PCI DSS violations before deploy
  • Automated generation of PCI DSS compliance reports
  • AI-assisted triage of findings for prioritized remediation

FAQ from PCI DSS MCP

Is PCI DSS MCP a replacement for broad SAST or a QSA?

No. It only covers about 6% of PCI DSS v4.0.1 controls. It is not a replacement for Semgrep, CodeQL, gosec for OWASP Top 10, or a Qualified Security Assessor.

How do I install and configure PCI DSS MCP?

Use Docker (ghcr.io/shyshlakov/pci-dss-mcp:v0.6.2) with a bind mount to your Go source, or install via go install. Then add the command to your MCP client config.

What does PCI DSS MCP scan?

It runs 12 scanners over Go source code and configuration files, each mapped to specific PCI DSS requirement numbers (e.g., 3.3.1, 4.2.1, 8.6.2, 10.2

评论

开发工具 分类下的更多 MCP 服务器