sast-mcp-server (Skyrxin)

MCP Servers · Official Registry · 1 star · 0 forks · Python · MIT · Updated today
Install in Claude Code / Claude Desktop (method: UVX (Python) · sast-mcp-server)

Claude Code CLI:

```bash
claude mcp add sast -- uvx sast-mcp-server
```

claude_desktop_config.json (Claude Desktop):

```json
{
  "mcpServers": {
    "sast": {
      "command": "uvx",
      "args": ["sast-mcp-server"]
    }
  }
}
```
1. Run the command above in your terminal (Claude Code), or paste the JSON config into claude_desktop_config.json (Claude Desktop).
2. Replace any <placeholder> values with your API keys or paths.
3. Restart Claude. The MCP server and its tools appear automatically.

<!-- mcp-name: io.github.Skyrxin/sast-mcp-server -->

# SAST MCP Server

[![PyPI version](https://img.shields.io/pypi/v/sast-mcp-server)](https://pypi.org/project/sast-mcp-server/)
[![Python 3.10+](https://img.shields.io/badge/python-3.10%2B-blue)](https://python.org)
[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
[![CI](https://github.com/Skyrxin/sast-mcp-server/actions/workflows/ci.yml/badge.svg)](https://github.com/Skyrxin/sast-mcp-server/actions)

**Static Application Security Testing (SAST) for AI agents.** A production-ready [MCP](https://modelcontextprotocol.io/) server that gives any AI agent the ability to scan code for security vulnerabilities.

Supports **11 industry-standard scanners**:

| Scanner | Languages / Scope | Type |
|---------|-------------------|------|
| **[Bandit](https://bandit.readthedocs.io/)** | Python | Security linter |
| **[njsscan](https://github.com/ajinabraham/njsscan)** | JavaScript, Node.js | Static analysis |
| **[Bearer](https://www.bearer.com/)** | Python, JS, Ruby, Java, Go, PHP | Data-flow SAST |
| **[Semgrep](https://semgrep.dev/)** | 30+ languages | Rule-based SAST |
| **[Trivy](https://trivy.dev/)** | All (CVEs, Secrets, IaC, images) | Multi-scanner |
| **[CodeQL](https://codeql.github.com/)** | Python, JS, Java, Go, C/C++, C#, Ruby, Swift | Semantic SAST |
| **[Checkov](https://www.checkov.io/)** | Terraform, K8s, Docker, CloudFormation | IaC policy scanner |
| **[Gitleaks](https://gitleaks.io/)** | All (.git history) | Deep secret scanning |
| **[OSV-Scanner](https://google.github.io/osv-scanner/)** | Multiple (lockfiles, SBOMs) | SCA |
| **[Grype](https://github.com/anchore/grype)** | Containers, OS packages, lockfiles, SBOMs | SCA / image scanning |
| **[OWASP ZAP](https://www.zaproxy.org/)** | RUNTIME | Dynamic (DAST) via Docker |

Works with **any MCP-compatible agent**: Gemini CLI, Claude Desktop, OpenAI Agents, Cursor, Windsurf, and more.

---

## Features

- 🔍 **11 SAST/SCA/DAST scanners** with a unified output format
- 🌳 **AST-aware context** — shows the full enclosing function, not just a line number
- 📊 **Severity & confidence filtering** — focus on what matters
- 🔀 **Git diff mode** — scan only modified files for incremental reviews
- 🙈 **Ignore management** — suppress false positives with audit trail
- 📄 **Pagination** — handle large codebases without overwhelming the agent
- 🌐 **Dual transport** — stdio (local) or Streamable HTTP (remote deployments)
- 🔐 **JWT & API key authentication** — secure remote deployments
- 📦 **One command install** — `pip install sast-mcp-server`
- 🚀 **Multi-scanner mode** — run all installed scanners in parallel with deduplication
- 📋 **SARIF export** — CI/CD integration with GitHub, GitLab, Azure DevOps
- 🏗️ **IaC scanning** — Terraform, Kubernetes, Docker security policies
- 🔑 **Secret detection** — find hardcoded API keys, tokens, and passwords in code and git history
- 📦 **SCA / dependency CVEs** — scan lock files for known vulnerabilities against the OSV database
- 🕷️ **DAST** — dynamic baseline scans of running apps via OWASP ZAP + Docker
- 📈 **Baselines & trend tracking** — cache scans and diff against a saved baseline
- 🤖 **MCP Prompts & Resources** — pre-built security workflows and live dashboards for agents
- 📤 **Dashboard integrations** — push SARIF results to DefectDojo or GitHub Code Scanning
- 🩹 **AI-assisted remediation** — generate fix prompts and apply agent-written patches via `git apply`

---

## Quick Start

### Install

```bash
pip install sast-mcp-server
```

Or run directly without installing:
```bash
uvx sast-mcp-server
```

### Install at least one scanner

```bash
# Python projects
pip install bandit

# JavaScript/Node.js projects
pip install njsscan

# Multi-language (recommended)
pip install semgrep

# IaC, secrets, and dependency CVEs (recommended)
# See: https://aquasecurity.github.io/trivy/latest/getting-started/installation/

# IaC policy scanning
pip install checkov

# Deep semantic analysis
# See: https://github.com/github/codeql-cli-binaries/releases

# Data-flow analysis
# See: https://docs.bearer.com/installation/
```

---

## Usage with AI Agents

### Gemini CLI

Install as an extension:
```bash
gemini extensions install https://github.com/Skyrxin/sast-mcp-server
```

Or add to your `~/.gemini/settings.json`:
```json
{
  "mcpServers": {
    "sast": {
      "command": "uvx",
      "args": ["sast-mcp-server"]
    }
  }
}
```

### Claude Desktop

Add to your `claude_desktop_config.json`:
```json
{
  "mcpServers": {
    "sast": {
      "command": "uvx",
      "args": ["sast-mcp-server"]
    }
  }
}
```

See [full Claude Desktop guide](docs/claude-desktop.md).

### Cursor IDE

Add to Cursor Settings → MCP Servers:
```json
{
  "mcpServers": {
    "sast": {
      "command": "uvx",
      "args": ["sast-mcp-server"]
    }
  }
}
```

See [full Cursor guide](docs/cursor.md).

### OpenAI Agents SDK

```python
from agents.mcp import MCPServerStdio

# The launch spec is passed as `params`; open the connection with `async with sast_server:`
# before handing the server to an Agent via `mcp_servers=[sast_server]`.
sast_server = MCPServerStdio(params={"command": "uvx", "args": ["sast-mcp-server"]}, name="sast")
```

See [full OpenAI guide](docs/openai.md).

---

## Available MCP Tools

### `scan_vulnerabilities`
Scan a directory for security vulnerabilities using a specific scanner.

| Parameter | Type | Default | Description |
|-----------|------|---------|-------------|
| `target_path` | string | *required* | Path to scan |
| `scanner_name` | string | `"bearer"` | Scanner: `bandit`, `njsscan`, `bearer`, `semgrep`, `trivy`, `codeql`, `checkov` |
| `min_severity` | string | `"LOW"` | Minimum severity: `LOW`, `MEDIUM`, `HIGH`, `CRITICAL` |
| `min_confidence` | string | `"LOW"` | Minimum confidence: `LOW`, `MEDIUM`, `HIGH` |
| `git_diff_only` | bool | `false` | Only scan git-modified files |
| `limit` | int | `50` | Max findings to return |
| `offset` | int | `0` | Pagination offset |

### `scan_all`
Run ALL installed scanners in parallel with automatic deduplication. **Recommended for comprehensive security scanning.**

| Parameter | Type | Default | Description |
|-----------|------|---------|-------------|
| `target_path` | string | *required* | Path to scan |
| `min_severity` | string | `"MEDIUM"` | Minimum severity (higher default to reduce noise) |
| `min_confidence` | string | `"LOW"` | Minimum confidence |
| `git_diff_only` | bool | `false` | Only scan git-modified files |
| `limit` | int | `50` | Max findings to return |
| `offset` | int | `0` | Pagination offset |
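The threshold, pagination and deduplication behaviour described for `scan_vulnerabilities` and `scan_all`, as an added example that is not the project's own code: it assumes a unified finding with `scanner`, `file`, `line`, `cwe`, `severity` and `confidence` fields (the server's real schema is not shown on this page) and uses constructed sample findings.

```python
from dataclasses import dataclass, replace

# Ordered levels, matching the min_severity / min_confidence values in the tool tables.
SEVERITY = ("LOW", "MEDIUM", "HIGH", "CRITICAL")
CONFIDENCE = ("LOW", "MEDIUM", "HIGH")

@dataclass(frozen=True)
class Finding:
    # Assumed unified-format fields; the server's real schema is not shown on this page.
    scanner: str
    file: str
    line: int
    cwe: str          # e.g. "CWE-89"; the cross-scanner dedup key, since rule ids differ per tool
    severity: str
    confidence: str
    message: str

def filter_page(findings, min_severity="LOW", min_confidence="LOW", limit=50, offset=0):
    """Apply the scan_vulnerabilities thresholds, sort worst-first, then page with offset/limit."""
    kept = [f for f in findings
            if SEVERITY.index(f.severity) >= SEVERITY.index(min_severity)
            and CONFIDENCE.index(f.confidence) >= CONFIDENCE.index(min_confidence)]
    kept.sort(key=lambda f: (-SEVERITY.index(f.severity), f.file, f.line))
    return kept[offset:offset + limit]

def deduplicate(findings):
    """scan_all-style merge: one finding per (file, line, CWE), keeping the highest
    severity/confidence seen and recording every scanner that reported it."""
    merged = {}
    for f in findings:
        key = (f.file, f.line, f.cwe)
        prev = merged.get(key)
        if prev is None:
            merged[key] = f
            continue
        rank = lambda x: (SEVERITY.index(x.severity), CONFIDENCE.index(x.confidence))
        best = max(prev, f, key=rank)   # on a tie max() keeps the earlier (prev) finding
        scanners = sorted(set(prev.scanner.split("+")) | {f.scanner})
        merged[key] = replace(best, scanner="+".join(scanners))
    return list(merged.values())

# Constructed sample: bandit and semgrep both flag the same SQL string build in app.py.
SAMPLE = [
    Finding("bandit", "app.py", 42, "CWE-89", "MEDIUM", "LOW", "SQL built by string formatting"),
    Finding("semgrep", "app.py", 42, "CWE-89", "HIGH", "HIGH", "Formatted SQL query"),
    Finding("bandit", "util.py", 7, "CWE-78", "HIGH", "HIGH", "subprocess call with shell=True"),
    Finding("semgrep", "util.py", 19, "CWE-327", "LOW", "MEDIUM", "MD5 used for hashing"),
]
```

Calling `filter_page(deduplicate(SAMPLE), min_severity="MEDIUM")` yields the two HIGH findings, the SQL one now attributed to `bandit+semgrep`.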

### `scan_git_history`
Scan the entire `.git` history for leaked secrets and credentials using Gitleaks.

| Parameter | Type | Default | Description |
|-----------|------|---------|-------------|
| `target_path` | string | `"."` | Path to the repository root (must contain `.git`) |
| `min_severity` | string | `"LOW"` | Minimum severity to report |

### `run_active_scan`
Run a dynamic (DAST) baseline scan with OWASP ZAP by orchestrating a Docker Compose stack.

| Parameter | Type | Default | Description |
|-----------|------|---------|-------------|
| `target_path` | string | *required* | Directory containing the docker-compose file |
| `docker_compose_file` | string | *required* | Name of the docker-compose file (e.g. `docker-compose.yml`) |
| `target_url` | string | *required* | URL of the running app once it's up (e.g. `http://localhost:8080`) |

### `export_sarif`
Export scan results in SARIF 2.1.0 format for CI/CD integration.

| Parameter | Type | Default | Description |
|-----------|------|---------|-------------|
| `target_path` | string | *required* | Path to scan |
| `scanner_name` | string | `"bearer"` | Scanner to use |
| `min_severity` | string | `"LOW"` | Minimum severity |
| `min_confidence` | string | `"LOW"` | Minimum confidence |
| `output_path` | string | `""` | File path to write SARIF (empty = return as string) |
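An added example (not the project's code) of what a SARIF 2.1.0 export like the one `export_sarif` produces looks like, and of the gzip + base64 payload shape GitHub's code-scanning SARIF upload endpoint expects for the CI integration listed in the features. The severity-to-level mapping, the finding fields and the sample findings are assumptions and constructed data.

```python
import base64
import gzip
import json

# SARIF only has error/warning/note levels; the original severity rides along in `properties`.
LEVEL = {"CRITICAL": "error", "HIGH": "error", "MEDIUM": "warning", "LOW": "note"}

def to_sarif(findings, tool_name, tool_version="unknown"):
    """Build a minimal, valid SARIF 2.1.0 log: one run, one driver, its rules and results."""
    rules, results = {}, []
    for f in findings:
        rules.setdefault(f["rule"], {"id": f["rule"], "shortDescription": {"text": f["message"]},
                                     "defaultConfiguration": {"level": LEVEL[f["severity"]]}})
        results.append({
            "ruleId": f["rule"],
            "level": LEVEL[f["severity"]],
            "message": {"text": f["message"]},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": f["file"], "uriBaseId": "%SRCROOT%"},
                "region": {"startLine": f["line"]},
            }}],
            "properties": {"severity": f["severity"], "confidence": f["confidence"]},
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": tool_name, "version": tool_version,
                                      "rules": list(rules.values())}},
                  "results": results}],
    }

def github_sarif_payload(sarif, commit_sha, ref):
    """GitHub's code-scanning SARIF upload wants the log gzip-compressed and base64-encoded
    in `sarif`, together with the commit and ref the results describe."""
    raw = json.dumps(sarif, separators=(",", ":")).encode()
    return {"commit_sha": commit_sha, "ref": ref,
            "sarif": base64.b64encode(gzip.compress(raw)).decode("ascii")}

def decode_github_sarif_payload(payload):
    """Inverse of github_sarif_payload, for checking a payload before it is sent."""
    return json.loads(gzip.decompress(base64.b64decode(payload["sarif"])))

# Constructed findings in the shape export_sarif is assumed to serialise.
SAMPLE = [
    {"rule": "B608", "file": "app.py", "line": 42, "severity": "HIGH", "confidence": "MEDIUM",
     "message": "Possible SQL injection via string-based query construction"},
    {"rule": "B303", "file": "util.py", "line": 19, "severity": "LOW", "confidence": "HIGH",
     "message": "Use of insecure MD5 hash function"},
]
```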

### `list_scanners`
List available scanners, their installation status, and supported languages.

### `ignore_vulnerability`
Suppress a finding from future scans (with audit trail).

### `unignore_vulnerability`
Re-enable a previously suppressed finding.

### `list_ignored_vulnerabilities`
Show all currently suppressed findings for a project.

### `save_baseline`
Run a scan and cache the results as a named baseline for future trend comparison.

| Parameter | Type | Default | Description |
|-----------|------|---------|-------------|
| `target_path` | string | *required* | Path to scan |
| `tag` | string | `"latest"` | Name for this baseline (e.g. `main`, `pre-release`) |
| `scanner_name` | string | `"bearer"` | Scanner to use |
| `min_severity` | string | `"LOW"` | Minimum severity to include |
| `min_confidence` | string | `"LOW"` | Minimum confidence to include |

### `compare_baseline`
Compare a fresh scan against a saved baseline to highlight new and fixed findings.

| Parameter | Type | Default | Description |
|-----------|------|---------|-------------|
| `target_path` | string | *required* | Path to scan |
| `tag` | string | `"latest"` | Baseline tag to compare against |
| `scanner_name` | string | `"bearer"` | Scanner to use |
| `min_severity` | string | `"LOW"` | Minimum severity to include |
| `min_confidence` | string | `"LOW"` | Minimum confidence to include |
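Added example (not the project's code) of the baseline diff behind `save_baseline` and `compare_baseline`, with one design point worth copying: findings are keyed by a fingerprint of file, rule and the normalised offending line rather than by line number, so edits elsewhere in the file do not show up as fixed-plus-new churn. The finding fields and the two sample scans are constructed.

```python
import hashlib

def finding(file, line, rule, severity, snippet):
    """Assumed unified-format finding; `snippet` is the offending source line."""
    return {"file": file, "line": line, "rule": rule, "severity": severity, "snippet": snippet}

def fingerprint(f):
    """Stable identity for a finding. It deliberately excludes the line number: an edit
    above the finding would otherwise make it look fixed here and newly introduced there."""
    canonical = " ".join(f["snippet"].split())   # ignore whitespace-only changes
    key = f"{f['file']}\0{f['rule']}\0{canonical}".encode()
    return hashlib.sha256(key).hexdigest()[:16]

def save_baseline(findings, tag="latest"):
    """Cache a scan under a tag, keyed by fingerprint (the role of save_baseline)."""
    return {"tag": tag, "findings": {fingerprint(f): f for f in findings}}

def compare_baseline(current, baseline):
    """Split a fresh scan into new, fixed and unchanged findings (the role of compare_baseline).
    Unchanged findings are reported at their current line, not the baseline's."""
    now = {fingerprint(f): f for f in current}
    old = baseline["findings"]
    return {
        "new": [now[k] for k in sorted(now.keys() - old.keys())],
        "fixed": [old[k] for k in sorted(old.keys() - now.keys())],
        "unchanged": [now[k] for k in sorted(now.keys() & old.keys())],
    }

# Constructed sample: between the scans an import was added at the top of app.py (every line
# shifted down by one), the MD5 use was removed, and a new shell=True call appeared in util.py.
BASELINE_SCAN = [
    finding("app.py", 42, "B608", "HIGH", 'cur.execute("SELECT * FROM users WHERE id = %s" % uid)'),
    finding("app.py", 80, "B303", "LOW", "digest = hashlib.md5(data).hexdigest()"),
]
CURRENT_SCAN = [
    finding("app.py", 43, "B608", "HIGH", 'cur.execute("SELECT * FROM users WHERE id = %s"  %  uid)'),
    finding("util.py", 7, "B602", "HIGH", "subprocess.call(cmd, shell=True)"),
]

if __name__ == "__main__":
    report = compare_baseline(CURRENT_SCAN, save_baseline(BASELINE_SCAN, "main"))
    for kind, items in report.items():
        print(kind, [f"{f['file']}:{f['line']} {f['rule']}" for f in items])
```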

### `upload_to_defectdojo`
Import a SARIF export into a DefectDojo engagement. Requires `DEFECTDOJO_URL`
and `DEFECTDOJO_API_KEY` environment variables.

| Parameter | Type | Default | Description |
|-----------|------|---------|-------------|
| `sarif_path` | string | *required* | Path to a SARIF file from `export_sarif` |
| `engagement_id` | int | *required* | Target DefectDojo engagement ID |
| `active` | bool | `true` | Mark imported findings active |
| `verified` | bool | `false` | Mark imported findings verified |

### `upload_to_github`
Upload a SARIF report to GitHub Code Scanning. Requires a `GITHUB_TOKEN` with
`security_events: write` scope.

| Parameter | Type | Default | Description |
|-----------|------|---------|-------------|
| `sarif_path` | string | *required
