From 40c938d381783c1ef6a021ebd14ba8a4d51578a3 Mon Sep 17 00:00:00 2001
From: Abdellah
Date: Wed, 17 Jun 2026 21:29:56 +0100
Subject: [PATCH] Add Skyrxin/sast-mcp-server to Security
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds **sast-mcp-server** to the 🔒 Security section. A production-grade SAST/DAST MCP server that gives any agent the ability to scan code for vulnerabilities and remediate them:

- **11 scanners** — Bandit, njsscan, Bearer, Semgrep, Trivy, CodeQL, Checkov, Gitleaks, OSV-Scanner, Grype, OWASP ZAP
- **Closed-loop remediation** — applies a patch, re-scans, and verifies the finding is actually gone (auto-rollback on failure)
- **Vendor-neutral** — imports external SARIF (Snyk/Veracode/etc.) into a normalized, deduplicated pipeline
- **Supply chain** — container image scanning + CycloneDX/SPDX SBOM with VEX
- **Reporting** — OWASP/SANS/PCI/CIS compliance, HTML/PDF, baselines
- Listed in the official MCP Registry as `io.github.Skyrxin/sast-mcp-server`

Install: `uvx sast-mcp-server` · MIT · Python 3.10+
---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 2a66be271..018e1b7c6 100644
--- a/README.md
+++ b/README.md
@@ -2620,6 +2620,7 @@ Tools for conducting research, surveys, interviews, and data collection. - [sidclawhq/platform](https://github.com/sidclawhq/platform) [![sidclawhq/platform MCP server](https://glama.ai/mcp/servers/sidclawhq/platform/badges/score.svg)](https://glama.ai/mcp/servers/sidclawhq/platform) πŸ“‡ 🏠 ☁️ 🍎 πŸͺŸ 🐧 - Governance proxy for MCP servers. Wraps any upstream server with policy evaluation, human approval workflows, and hash-chain audit trails. 18+ framework integrations. Apache 2.0 SDK. - [Chronolapse411/sicarius-guard](https://github.com/Chronolapse411/sicarius-guard) [![Chronolapse411/sicarius-guard MCP server](https://glama.ai/mcp/servers/Chronolapse411/sicarius-guard/badges/score.svg)](https://glama.ai/mcp/servers/Chronolapse411/sicarius-guard) πŸ“‡ ☁️ - Solana token safety oracle for AI agents and trading bots. Byte-level SPL mint analysis, honeypot detection, freeze/mint authority checks, Birdeye market enrichment, and composite risk scoring. Deployed on Google Cloud Run. - [sint-ai/sint-protocol](https://github.com/sint-ai/sint-protocol) [![sint-ai/sint-protocol MCP server](https://glama.ai/mcp/servers/sint-ai/sint-protocol/badges/score.svg)](https://glama.ai/mcp/servers/sint-ai/sint-protocol) πŸ“‡ 🏠 🍎 πŸͺŸ 🐧 - Security-first MCP governance proxy (`sint-mcp`) with capability tokens, T0-T3 approval tiers, fail-closed execution, and tamper-evident audit receipts. Includes a separate `sint-scan` CLI for preflight MCP tool-risk audits. +- [Skyrxin/sast-mcp-server](https://github.com/Skyrxin/sast-mcp-server) 🐍 🏠 🍎 πŸͺŸ 🐧 - SAST/DAST server exposing 11 security scanners (Bandit, Semgrep, Trivy, CodeQL, Checkov, Gitleaks, OSV-Scanner, Grype, OWASP ZAP, and more) with closed-loop remediation (scanβ†’patchβ†’re-scanβ†’verify), SARIF/SBOM/VEX export, compliance reporting, and CI integrations (GitHub Advanced Security, DefectDojo, Slack, Jira). 
- [snyk/studio-mcp](https://github.com/snyk/studio-mcp) πŸŽ–οΈ πŸ“‡ ☁️ 🍎 πŸͺŸ 🐧 - Embeds Snyk's security engines into agentic workflows. Secures AI-generated code in real-time and accelerates the fixing vulnerability backlogs. - [StacklokLabs/osv-mcp](https://github.com/StacklokLabs/osv-mcp) 🏎️ ☁️ - Access the OSV (Open Source Vulnerabilities) database for vulnerability information. Query vulnerabilities by package version or commit, batch query multiple packages, and get detailed vulnerability information by ID. - [velvetway/minreestr-mcp](https://github.com/velvetway/minreestr-mcp) [![velvetway/minreestr-mcp MCP server](https://glama.ai/mcp/servers/velvetway/minreestr-mcp/badges/score.svg)](https://glama.ai/mcp/servers/velvetway/minreestr-mcp) 🐍 ☁️ 🍎 πŸͺŸ 🐧 - Search ΠΊΠ°Ρ‚Π°Π»ΠΎΠ³ΠΏΠΎ.Ρ€Ρ„ (Russian software registry, 26k+ products) for import-substitution and ЀБВЭК/Π€Π‘Π‘-certified software discovery. Three tools: full-text search, manufacturer listing, featured products. Ideal for Russian security/compliance teams (152-Π€Π—, 187-Π€Π—) using Claude.
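Review bot: The added entry's scanner list ("Bandit, Semgrep, Trivy, CodeQL, Checkov, Gitleaks, OSV-Scanner, Grype, OWASP ZAP, and more") omits njsscan and Bearer, which the commit message counts towards the "11 security scanners", so the two disagree; either name all eleven or give the count without a partial list. The entry is also several times longer than the neighbouring one-line descriptions in this section; the detail worth keeping is "(scan→patch→re-scan→verify)", because it tells readers the server writes patches into the scanned repository rather than only reporting findings, and users wiring it to an agent will want that write capability stated plainly, e.g. "closed-loop remediation that applies patches to the repo and re-scans to verify". Placement between `sint-ai/sint-protocol` and `snyk/studio-mcp` matches the section's alphabetical-by-owner order, and the `@@` context line ("Tools for conducting research, surveys, interviews, and data collection.") is git's nearest non-heading line from an earlier section, not evidence that the entry landed outside Security.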