#sast
10 results found
Skylos
Dead code detection, security scanning, and code quality analysis for Python, TypeScript, and Go. 98% recall with 3x fewer false positives than Vulture. 5 tools: analyze, security_scan, quality_check, secrets_scan, remediate. AI-powered auto-fix agent.
JADX-AI-MCP (Part of Zin MCP Suite)
Plugin for JADX to integrate MCP server
Cycode
Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning
SonarQube
The SonarQube MCP Server is a Model Context Protocol (MCP) server that enables seamless integration with SonarQube Server or Cloud for code quality and security. It also supports the analysis of code snippets directly within the agent context.
Code Pathfinder
Code Pathfinder's MCP Server provides AI coding assistants like Claude Code with deep semantic understanding of codebases through call graph analysis, symbol search, and dependency tracking. It enables developers to ask natural language questions like "who calls this function?" instead of manually using grep or searching code. The tool runs 100% locally (your code never leaves your machine), is free and open-source under AGPL-3.0, and installs in under 5 minutes. [codepathfinder](https://codepathfinder.dev/mcp)
GuardVibe — Security MCP for Vibe Coding
Security MCP server with 300+ rules for AI-generated code. Scans Next.js, Supabase, Clerk, Stripe, Prisma, Hono, GraphQL, and 20+ modules. Zero config, runs locally.
LiveDataLink
LiveDataLink is a hosted MCP server giving AI agents 182 real-time data tools across 36 domains through a single Streamable HTTP endpoint. Coverage includes sanctions screening (OFAC + UN + EU + BIS DPL first-party indexed), SEC EDGAR, federal courts plus Caselaw Access Project, IRS nonprofits, NPPES healthcare providers, USAspending federal awards, Federal Register + eCFR regulations, CVE + threat intel (RDAP, IP reputation, FBI Wanted, CISA KEV), FRED + BLS + US Treasury + World Bank macro, EIA + NREL energy, Zillow real estate, Texas parcels, ClinicalTrials.gov, FDA, EPA, FEC, FMCSA trucking, USPTO patents, Census, federal recreation (RIDB), Project Gutenberg books, OpenAlex scholarly, NPM + PyPI + cargo + GitHub supply-chain intel, and more. One bearer token, one endpoint, one bill. Built for compliance + due diligence + agentic research workflows. Free tier (100 queries/month, no credit card) available at https://livedatalink.ai/signup/free. Paid plans from $10/month. Open MCP protocol, portable keys, no lock-in. Operated by Blackbox Foundry LLC out of Texas.
Mcp Semgrep Scanner
Curated by Archimedes Market. Static security analysis exposed as MCP tools. OWASP top 10, secrets detection, custom rule packs. Baseline scanning focuses on newly-introduced findings. Built for production-grade security review. → archimedes.market/assets/21c4a8ab-80dc-4a69-8444-c209a130f27e