SAST SCA SBOM Security Analyzer
What it does
Provides enterprise-grade security analysis through SAST, SCA, SBOM generation, and vulnerability scanning with Snyk integration, enabling automated security testing, code review for common vulnerabilities like SQL injection and XSS, and compliance reporting for DevSecOps workflows.
This MCP server gives AI assistants enterprise-grade security analysis capabilities through integrated SAST, SCA, SBOM generation, and vulnerability scanning tools. It is built in TypeScript with Snyk integration and CycloneDX SBOM support. The implementation offers four core security analysis tools: Snyk-powered vulnerability testing with configurable severity filtering and multiple output formats; automated Software Bill of Materials generation in JSON, XML, or SPDX format; security-focused code review with pattern-based detection of SQL injection, XSS, command injection, and hardcoded secrets; and vulnerability scanning across multiple attack vectors, including container security and infrastructure-as-code analysis. It includes fallback mechanisms for when commercial tools aren't available, custom security rule engines, and support for multiple package managers. It serves DevSecOps teams that need automated security analysis in CI/CD pipelines, security engineers who require comprehensive vulnerability assessment, and development teams that want to integrate security scanning into their AI-assisted workflows, with detailed remediation guidance and compliance reporting.
Quality
Deterministic score 0.55 from registry signals: indexed on pulsemcp, has source repo, 2 GitHub stars, registry-generated description present.