How do I install Sast?

Sast is a local plugin. Install it using PyPI package: sast-mcp-server and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Sast need?

Sast requires the following credentials or environment variables: SAST_MCP_TIMEOUT, SAST_MCP_LOG_LEVEL, SAST_MCP_API_KEY, SAST_MCP_JWT_SECRET. You can find setup instructions on the server detail page.

What AI apps work with Sast?

Sast uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Sast MCP Server

by Skyrxin

Developer ToolsUse Caution4.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

11-scanner SAST/DAST MCP server with closed-loop remediation, SBOM/SARIF, and CI integrations

About

11-scanner SAST/DAST MCP server with closed-loop remediation, SBOM/SARIF, and CI integrations

Security Report

4.2

Use Caution4.2High Risk

The SAST MCP server is a well-intentioned security tool with reasonable architectural choices and a comprehensive feature set. However, there are several moderate-severity concerns around dangerous subprocess operations, improper input validation for file paths, overly permissive filesystem access, and sensitive credential handling in environment variables without encryption. These issues should be addressed before production use in multi-tenant or high-security environments. Supply chain analysis found 5 known vulnerabilities in dependencies (1 critical, 3 high severity). Package verification found 1 issue.

3 files analyzed · 21 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

File System Write

Writes or modifies files on your machine. Check that this is expected for the tool.

HTTP Network Access

Connects to external APIs or services over the internet.

Shell Command Execution

Runs commands on your machine. Be cautious — only use if you trust this plugin.

process_spawn

Check that this permission is expected for this type of plugin.

env_vars

Check that this permission is expected for this type of plugin.

system_info

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

Per-scan timeout in seconds (default: 300).Optional

Environment variable: SAST_MCP_TIMEOUT

Logging level: DEBUG, INFO, WARNING, ERROR (default: INFO).Optional

Environment variable: SAST_MCP_LOG_LEVEL

Optional static API key to require auth (legacy mode; HTTP transports).Required

Environment variable: SAST_MCP_API_KEY

Optional HMAC secret to require JWT auth with scopes (HTTP transports).Required

Environment variable: SAST_MCP_JWT_SECRET

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-skyrxin-sast-mcp-server": {
      "env": {
        "SAST_MCP_API_KEY": "your-sast-mcp-api-key-here",
        "SAST_MCP_TIMEOUT": "your-sast-mcp-timeout-here",
        "SAST_MCP_LOG_LEVEL": "your-sast-mcp-log-level-here",
        "SAST_MCP_JWT_SECRET": "your-sast-mcp-jwt-secret-here"
      },
      "args": [
        "sast-mcp-server"
      ],
      "command": "uvx"
    }
  }
}

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Sast MCP Server

About

Security Report

Findings (21)Action required

Permissions Required

What You'll Need

How to Install

Reviews

No reviews yet

More Developer Tools MCP Servers

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript