0
grade F
10 days ago
glama
DevSecOps MCP Server
An MCP server that integrates SAST, DAST, and SCA security tools to enable AI-driven vulnerability scanning and automated security reporting. It allows AI assistants to execute and analyze results from tools like Semgrep, OWASP ZAP, and Trivy within a DevSecOps workflow.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
// key findings
🚨
Known vulnerabilities in dependencies: 2 critical, 6 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
🔐
You'll be asked for 4 credentials: SNYK_TOKEN, SONARQUBE_TOKEN, VERACODE_API_KEY, ZAP_API_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from
process.env. You'll be asked to provide them before it can run.config
LOG_LEVEL— "": "info",config
MCP_PORT— "": "3000",config
OSV_DB_PATHconfig
OSV_SCANNER_PATH— osv-scannerconfig
SECURITY_STRICT_MODE— "": "true"config
SNYK_API_URL🔐 secret
SNYK_TOKEN🔐 secret
SONARQUBE_TOKENconfig
SONARQUBE_URL— (si usas SonarQube)config
TRIVY_CACHE_DIR— /tmp/trivy-cacheconfig
TRIVY_DB_PATHconfig
TRIVY_PATHconfig
VERACODE_API_ID🔐 secret
VERACODE_API_KEY🔐 secret
ZAP_API_KEYconfig
ZAP_URL— (si usas OWASP ZAP en modo API; por defecto se usa Docker)// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 3 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[](https://m8ven.ai/mcp/jesusdavidquarksoft-mcp-security-16zsv0)commit: df61d04381a5bbf6600b6674866d3f5c697799c8
code hash: 5d2653ad00456d87dae8809604f2620bdcb43a99c143b609c68abac57f968bfa
verified: 4/11/2026, 3:11:18 PM