sample-mcp-security-scanner (AWS)
AWS sample MCP server integrating Checkov, Semgrep, and Bandit for code and IaC security analysis.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for sample-mcp-security-scanner (AWS), derived from its capabilities.
AIVSS 8.5 · High
View MAESTRO 7-layer threat model →Overview
This AWS Samples MCP server integrates industry-standard scanners - Checkov, Semgrep, and Bandit (plus ASH in some variants) - so AI coding assistants like Kiro and Amazon Q Developer can automatically scan code snippets and IaC for vulnerabilities. It is a reference pattern for embedding multi-tool scanning in agent workflows. As an aggregator running local scanners on model-supplied code, injected content and scope are the main considerations.
Key features
- Bundles Checkov + Semgrep + Bandit
- Scans code snippets and IaC
- Reference pattern for Kiro / Amazon Q
Use cases
- Auto-scan agent-generated snippets
- IaC misconfiguration detection in agent flows