ast-sast-mcp-server
Verified Safe
by gaboLectric
Overview
Provides static analysis (SAST) for TypeScript code, identifying security vulnerabilities and quality issues for AI agents.
Installation
npm start
Security Notes
The server's primary function is Static Analysis Security Testing (SAST). The core logic in `src/analyzer.ts` is designed to *detect* common security risks like `eval()` and hardcoded secrets, not to utilize them. The `src/server.ts` code itself appears well-contained and does not expose direct vulnerabilities or use dangerous patterns. The `client_demo.ts` includes examples of 'unsafe code' to demonstrate the analyzer's capabilities, but these are test inputs, not part of the server's operational code. No hardcoded secrets or 'eval' calls are found in the server's functional implementation. The use of `@modelcontextprotocol/sdk` and `zod` for request validation enhances robustness. The server primarily uses stdio for communication, limiting direct network attack surface for this specific deployment method.
Similar Servers
sonarqube-mcp-server
The SonarQube MCP Server enables seamless integration with SonarQube Server or Cloud for code quality and security, supporting analysis of code snippets and acting as a backend for AI coding agents.
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
ast-mcp-server
Provides an MCP (Model Context Protocol) server for code structure and semantic analysis using ASTs and ASGs, integrated with external AI clients like Claude Desktop.
logicstamp-mcp
Provides AI assistants with structured access to React/TypeScript codebases through LogicStamp Context's analysis engine, enabling safe analysis, modification, and verification of code.