{"id":"security-scanner-mcp-server","name":"security-scanner-mcp-server","homepage":"https://pypi.org/project/security-scanner-mcp-server/","repo_url":"https://github.com/poneglyph-research/security_scanner_mcp_server","category":"security","subcategories":[],"tags":["security","mcp","security-scanning","sast","dependency-scanning","automation"],"what_it_does":"Evaluates source artifacts for security issues via an MCP (Model Context Protocol) server interface, intended to be used by AI agents to run or orchestrate scanning workflows.","use_cases":["Letting an AI agent trigger security scans as part of code review or CI workflows","Security triage by repeatedly scanning specific repos/files and summarizing findings","Generating audit-style reports from scan outputs for stakeholders"],"not_for":["Production incident response that requires real-time guarantees","Scanning that requires proprietary infrastructure without providing access to scan targets","Use as a substitute for verified security testing (e.g., manual pen testing, vendor assurance)"],"best_when":"You need a tool an AI agent can call to run security scanning steps in a consistent, automatable way (e.g., CI and developer workflows).","avoid_when":"You cannot securely provide the scan targets/credentials to the scanning runtime, or you require a strongly specified, documented API contract for regulated environments.","alternatives":["Standalone CLI security scanners (e.g., SAST/DAST tools) integrated directly into CI","GitHub/GitLab security features (dependency scanning, secret scanning)","Custom internal scanning service with a REST API + OpenAPI 
spec"],"af_score":42.8,"security_score":40.5,"reliability_score":7.5,"package_type":"mcp_server","discovery_source":["pypi"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:45:02.367614+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"Auth requirements are not provided in the supplied information; MCP servers typically use configuration/env vars, but this cannot be confirmed here."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information provided."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":42.8,"security_score":40.5,"reliability_score":7.5,"mcp_server_quality":50.0,"documentation_accuracy":40.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":60.0,"rate_limit_clarity":20.0,"tls_enforcement":60.0,"auth_strength":35.0,"scope_granularity":25.0,"dependency_hygiene":45.0,"secret_handling":40.0,"security_notes":"No repo/package details were provided to verify TLS, auth model, scope granularity, dependency posture, or secret-handling practices. 
For security scanners, typical risks include the handling of sensitive code/artifacts, secrets ending up in prompts/logs, and access to scan targets that is broader than least privilege.","uptime_documented":0.0,"version_stability":0.0,"breaking_changes_history":0.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Security scanning can be slow; agents may need timeouts/backoff to avoid premature failures.","If scan results depend on mutable repo state, repeated calls may yield different outputs unless pinning/commit hashes are used.","If tool inputs include file paths or credentials, agents may accidentally leak secrets into logs if the tool is not careful."]}}