security-scanner-mcp-server

Evaluates source artifacts for security issues via an MCP (Model Context Protocol) server interface, intended to be used by AI agents to run or orchestrate scanning workflows.

Evaluated Apr 04, 2026 (25d ago)
Category: Security | Tags: security, mcp, security-scanning, sast, dependency-scanning, automation
⚙ Agent Friendliness: 43 / 100 (Can an agent use this?)
🔒 Security: 40 / 100 (Is it safe for agents?)
⚡ Reliability: 8 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: 50
Documentation: 40
Error Messages: 0
Auth Simplicity: 60
Rate Limits: 20

🔒 Security

TLS Enforcement: 60
Auth Strength: 35
Scope Granularity: 25
Dep. Hygiene: 45
Secret Handling: 40

No repo/package details were provided to verify TLS, auth model, scope granularity, dependency posture, or secret-handling practices. For security scanners, risks typically include handling of sensitive code/artifacts, secrets in prompts/logs, and ensuring least-privilege access to scan targets.

⚡ Reliability

Uptime/SLA: 0
Version Stability: 0
Breaking Changes: 0
Error Recovery: 30

Best When

You need a tool an AI agent can call to run security scanning steps in a consistent, automatable way (e.g., CI and developer workflows).

Avoid When

You cannot securely provide the scan targets/credentials to the scanning runtime, or you require a strongly specified, documented API contract for regulated environments.

Use Cases

  • Letting an AI agent trigger security scans as part of code review or CI workflows
  • Security triage by repeatedly scanning specific repos/files and summarizing findings
  • Generating audit-style reports from scan outputs for stakeholders

Not For

  • Production incident response requiring real-time guarantees
  • Scanning that requires proprietary infrastructure without providing access to scan targets
  • Use as a substitute for verified security testing (e.g., manual pen testing, vendor assurance)

Interface

REST API: No
GraphQL: No
gRPC: No
MCP Server: Yes
SDK: No
Webhooks: No

Authentication

OAuth: No
Scopes: No

Auth requirements are not provided in the supplied information; MCP servers typically use configuration/env vars, but this cannot be confirmed here.

Pricing

Free tier: No
Requires CC: No

No pricing information provided.

Agent Metadata

Pagination: none
Idempotent: False
Retry Guidance: Not documented

Known Gotchas

  • Security scanning can be slow; agents may need timeouts/backoff to avoid premature failures.
  • If scan results depend on mutable repo state, repeated calls may yield different outputs unless pinning/commit hashes are used.
  • If tool inputs include file paths or credentials, agents may accidentally leak secrets into logs if the tool is not careful.

Scores are editorial opinions as of 2026-04-04.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered