🛡️

Tag8 MCPs tagged here

Security

MCPs for SAST, secrets management, and security scanning

TL;DR

Security MCP servers expose vulnerability scanning (SonarQube, Snyk), secret vaulting (Vault, 1Password), and IAM tools. Agents can audit codebases, rotate secrets, and review permissions — turning security reviews into conversational tasks. Core to SecOps automation.

About Security

Security MCPs connect agents to SonarQube, Snyk, HashiCorp Vault, 1Password, and cloud IAM. They scan code for vulnerabilities, rotate secrets, audit permissions, and enforce compliance.

Common use cases

Scan every PR for vulnerabilities and comment with risk rating
Rotate API keys quarterly via agent orchestration
Audit IAM permissions and flag over-privileged roles
Generate compliance reports (SOC2, ISO 27001) from live config
Investigate security incidents by correlating logs + code + identity

MCPs tagged “Security”

sonarqube snyk 1password vault github aws okta auth0

Related recipes

🐙🔎

Code Quality Gates

SonarQube analyzes every PR for code smells, coverage drops, and security hotspots. PRs below the quality gate are blocked.

🐙🔎

SAST on Every Commit

Static application security testing runs on every commit. Critical vulnerabilities block the pipeline and page the security team.

Frequently asked questions

Is it safe to expose secrets to an MCP?

Secrets should be stored in a vault (Vault, 1Password, AWS Secrets Manager). The MCP fetches by reference, never exposes values to the LLM context.

Can agents fix security issues automatically?

They can propose fixes and open PRs — but merging should always go through human review and your CI gates.

How do I audit agent security activity?

Log every tool call with CID (correlation ID) and user context. All major security MCPs support structured audit logging out of the box.

What's the best SAST MCP?

SonarQube is the most widely adopted; Snyk has the best vuln database. Both have official MCP servers.

Install Security MCPs

Browse the full marketplace or explore all tags to find the right MCPs for your stack.

Browse Marketplace All tags

Frequently asked questions

Is it safe to expose secrets to an MCP?

Secrets should be stored in a vault (Vault, 1Password, AWS Secrets Manager). The MCP fetches by reference, never exposes values to the LLM context.

Can agents fix security issues automatically?

They can propose fixes and open PRs — but merging should always go through human review and your CI gates.

How do I audit agent security activity?

Log every tool call with CID (correlation ID) and user context. All major security MCPs support structured audit logging out of the box.

What's the best SAST MCP?

SonarQube is the most widely adopted; Snyk has the best vuln database. Both have official MCP servers.

Security

TL;DR

About Security

Common use cases

MCPs tagged “Security”

Related recipes

Code Quality Gates

SAST on Every Commit

Related tags

Frequently asked questions

Install Security MCPs

Security

TL;DR

About Security

Common use cases

MCPs tagged “Security”

Related recipes

Code Quality Gates

SAST on Every Commit

Related tags

Frequently asked questions

Install Security MCPs