mirror of
https://github.com/punkpeye/awesome-mcp-servers.git
synced 2026-06-24 10:07:39 +00:00
Add Skyrxin/sast-mcp-server to Security
Adds **sast-mcp-server** to the 🔒 Security section.
A production-grade SAST/DAST MCP server that gives any agent the ability to
scan code for vulnerabilities and remediate them:
- **11 scanners** — Bandit, njsscan, Bearer, Semgrep, Trivy, CodeQL, Checkov,
Gitleaks, OSV-Scanner, Grype, OWASP ZAP
- **Closed-loop remediation** — applies a patch, re-scans, and verifies the
finding is actually gone (auto-rollback on failure)
- **Vendor-neutral** — imports external SARIF (Snyk/Veracode/etc.) into a
normalized, deduplicated pipeline
- **Supply chain** — container image scanning + CycloneDX/SPDX SBOM with VEX
- **Reporting** — OWASP/SANS/PCI/CIS compliance, HTML/PDF, baselines
- Listed in the official MCP Registry as `io.github.Skyrxin/sast-mcp-server`
Install: `uvx sast-mcp-server` · MIT · Python 3.10+
@@ -2620,6 +2620,7 @@ Tools for conducting research, surveys, interviews, and data collection.
|
||||
- [sidclawhq/platform](https://github.com/sidclawhq/platform) [](https://glama.ai/mcp/servers/sidclawhq/platform) 📇 🏠 ☁️ 🍎 🪟 🐧 - Governance proxy for MCP servers. Wraps any upstream server with policy evaluation, human approval workflows, and hash-chain audit trails. 18+ framework integrations. Apache 2.0 SDK.
|
||||
- [Chronolapse411/sicarius-guard](https://github.com/Chronolapse411/sicarius-guard) [](https://glama.ai/mcp/servers/Chronolapse411/sicarius-guard) 📇 ☁️ - Solana token safety oracle for AI agents and trading bots. Byte-level SPL mint analysis, honeypot detection, freeze/mint authority checks, Birdeye market enrichment, and composite risk scoring. Deployed on Google Cloud Run.
|
||||
- [sint-ai/sint-protocol](https://github.com/sint-ai/sint-protocol) [](https://glama.ai/mcp/servers/sint-ai/sint-protocol) 📇 🏠 🍎 🪟 🐧 - Security-first MCP governance proxy (`sint-mcp`) with capability tokens, T0-T3 approval tiers, fail-closed execution, and tamper-evident audit receipts. Includes a separate `sint-scan` CLI for preflight MCP tool-risk audits.
|
||||
- [Skyrxin/sast-mcp-server](https://github.com/Skyrxin/sast-mcp-server) 🐍 🏠 🍎 🪟 🐧 - SAST/DAST server exposing 11 security scanners (Bandit, Semgrep, Trivy, CodeQL, Checkov, Gitleaks, OSV-Scanner, Grype, OWASP ZAP, and more) with closed-loop remediation (scan→patch→re-scan→verify), SARIF/SBOM/VEX export, compliance reporting, and CI integrations (GitHub Advanced Security, DefectDojo, Slack, Jira).
|
||||
- [snyk/studio-mcp](https://github.com/snyk/studio-mcp) 🎖️ 📇 ☁️ 🍎 🪟 🐧 - Embeds Snyk's security engines into agentic workflows. Secures AI-generated code in real-time and accelerates the fixing vulnerability backlogs.
|
||||
- [StacklokLabs/osv-mcp](https://github.com/StacklokLabs/osv-mcp) 🏎️ ☁️ - Access the OSV (Open Source Vulnerabilities) database for vulnerability information. Query vulnerabilities by package version or commit, batch query multiple packages, and get detailed vulnerability information by ID.
|
||||
- [velvetway/minreestr-mcp](https://github.com/velvetway/minreestr-mcp) [](https://glama.ai/mcp/servers/velvetway/minreestr-mcp) 🐍 ☁️ 🍎 🪟 🐧 - Search каталогпо.рф (Russian software registry, 26k+ products) for import-substitution and ФСТЭК/ФСБ-certified software discovery. Three tools: full-text search, manufacturer listing, featured products. Ideal for Russian security/compliance teams (152-ФЗ, 187-ФЗ) using Claude.
|
||||
|
||||
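Review bot: the added Skyrxin/sast-mcp-server line is tagged 🏠 only, yet its description names integrations with remote services (GitHub Advanced Security, DefectDojo, Slack, Jira) that the commit message never mentions. Either add ☁️ next to 🏠 or drop the integrations clause so the scope tag matches what the server can reach. In the same line, "and more" stands in for njsscan and Bearer from the commit message's list of 11; naming all 11 or saying "11 scanners including ..." would be exact. Since the entry advertises closed-loop remediation, it should also say plainly that the server writes patches to the scanned code, because a reader picking a scanner from this list will otherwise assume read-only access.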