Skyrxin/sast-mcp-server
🔌 MCP Server by Skyrxin
An all-in-one MCP server integrating 11 security scanners for automated vulnerability detection and closed-loop remediation.
The sast-mcp-server acts as a powerful bridge between AI agents and enterprise-grade security tooling. By exposing 11 distinct security scanners—including Bandit, Semgrep, Trivy, CodeQL, Checkov, Gitleaks, OSV-Scanner, Grype, and OWASP ZAP—it allows AI models to perform deep security audits on codebases and infrastructure configurations.
Key innovations include its closed-loop remediation capability, which orchestrates the scan-patch-re-scan-verify cycle, significantly reducing the mean time to remediation (MTTR). The server is designed for modern DevSecOps workflows, supporting advanced reporting formats such as SARIF for static analysis, SBOM for supply chain transparency, and VEX for vulnerability exploitability tracking. It integrates natively with platforms like GitHub Advanced Security, DefectDojo, Slack, and Jira, transforming security from a reactive bottleneck into an automated, proactive component of the software development lifecycle. This tool is essential for teams looking to enforce compliance and security standards without leaving their AI-powered coding environment.
💡Highlights
- 11 integrated security scanners
- Closed-loop scan-patch-verify
- SARIF, SBOM, and VEX support
🎯For
- DevSecOps Engineers
- Security Researchers
- Software Developers