diff --git a/README.md b/README.md
index 2a66be271..018e1b7c6 100644
--- a/README.md
+++ b/README.md
@@ -2620,6 +2620,7 @@ Tools for conducting research, surveys, interviews, and data collection.
 - [sidclawhq/platform](https://github.com/sidclawhq/platform) [![sidclawhq/platform MCP server](https://glama.ai/mcp/servers/sidclawhq/platform/badges/score.svg)](https://glama.ai/mcp/servers/sidclawhq/platform) 📇 🏠 ☁️ 🍎 🪟 🐧 - Governance proxy for MCP servers. Wraps any upstream server with policy evaluation, human approval workflows, and hash-chain audit trails. 18+ framework integrations. Apache 2.0 SDK.
 - [Chronolapse411/sicarius-guard](https://github.com/Chronolapse411/sicarius-guard) [![Chronolapse411/sicarius-guard MCP server](https://glama.ai/mcp/servers/Chronolapse411/sicarius-guard/badges/score.svg)](https://glama.ai/mcp/servers/Chronolapse411/sicarius-guard) 📇 ☁️ - Solana token safety oracle for AI agents and trading bots. Byte-level SPL mint analysis, honeypot detection, freeze/mint authority checks, Birdeye market enrichment, and composite risk scoring. Deployed on Google Cloud Run.
 - [sint-ai/sint-protocol](https://github.com/sint-ai/sint-protocol) [![sint-ai/sint-protocol MCP server](https://glama.ai/mcp/servers/sint-ai/sint-protocol/badges/score.svg)](https://glama.ai/mcp/servers/sint-ai/sint-protocol) 📇 🏠 🍎 🪟 🐧 - Security-first MCP governance proxy (`sint-mcp`) with capability tokens, T0-T3 approval tiers, fail-closed execution, and tamper-evident audit receipts. Includes a separate `sint-scan` CLI for preflight MCP tool-risk audits.
+- [Skyrxin/sast-mcp-server](https://github.com/Skyrxin/sast-mcp-server) 🐍 🏠 🍎 🪟 🐧 - SAST/DAST server exposing 11 security scanners (Bandit, Semgrep, Trivy, CodeQL, Checkov, Gitleaks, OSV-Scanner, Grype, OWASP ZAP, and more) with closed-loop remediation (scan→patch→re-scan→verify), SARIF/SBOM/VEX export, compliance reporting, and CI integrations (GitHub Advanced Security, DefectDojo, Slack, Jira).
 - [snyk/studio-mcp](https://github.com/snyk/studio-mcp) 🎖️ 📇 ☁️ 🍎 🪟 🐧 - Embeds Snyk's security engines into agentic workflows. Secures AI-generated code in real-time and accelerates the fixing vulnerability backlogs.
 - [StacklokLabs/osv-mcp](https://github.com/StacklokLabs/osv-mcp) 🏎️ ☁️ - Access the OSV (Open Source Vulnerabilities) database for vulnerability information. Query vulnerabilities by package version or commit, batch query multiple packages, and get detailed vulnerability information by ID.
 - [velvetway/minreestr-mcp](https://github.com/velvetway/minreestr-mcp) [![velvetway/minreestr-mcp MCP server](https://glama.ai/mcp/servers/velvetway/minreestr-mcp/badges/score.svg)](https://glama.ai/mcp/servers/velvetway/minreestr-mcp) 🐍 ☁️ 🍎 🪟 🐧 - Search каталогпо.рф (Russian software registry, 26k+ products) for import-substitution and ФСТЭК/ФСБ-certified software discovery. Three tools: full-text search, manufacturer listing, featured products. Ideal for Russian security/compliance teams (152-ФЗ, 187-ФЗ) using Claude.