DevSecOps-MCP (jmstar85)
MCP server integrating SAST, DAST, IAST, and SCA tools (incl. OWASP ZAP, npm audit, OSV Scanner, Checkov) for AI-powered DevSecOps.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for DevSecOps-MCP (jmstar85), derived from its capabilities.
AIVSS 9.1 · Critical
Overview
DevSecOps-MCP is an aggregator MCP server that unifies SAST, DAST, IAST, and SCA scanning behind one interface, wiring in tools like OWASP ZAP, npm audit, OSV Scanner, and Checkov. It lets an AI assistant run comprehensive multi-tool security analysis over code and IaC. Concentrating several active and passive scanners under LLM control makes scope and result-injection handling important.
Key features
- Unified SAST + DAST + IAST + SCA
- Bundles ZAP, npm audit, OSV Scanner, Checkov
- AI-driven DevSecOps automation
Use cases
- One-call multi-tool security scan of a project
- Automated DevSecOps gating in agent workflows