🔒

Security MCP Servers

139 servers available

Security scanning, authentication, and protection

🔒

1Password

by 1Password

LocalFeaturedOfficial

Access and manage secrets stored in 1Password vaults. Retrieve credentials, SSH keys, API tokens, and secure notes directly in AI coding environments.

🔒

Snyk MCP Server (Community)

by sammcj

Local

There is no official, Snyk-published Model Context Protocol server as of this writing — a commonly referenced `snyk/mcp-server` repo does not exist. The most active real alternative is sammcj/mcp-snyk, a community-built, MIT-licensed MCP server that wraps Snyk's API and CLI for agentic security scanning (marked alpha by its author, so expect rough edges). It exposes tools to scan a GitHub or GitLab repository by URL for vulnerabilities, scan an existing Snyk project by ID, and verify that a configured API token is valid, returning the associated user and organization info. Authentication uses a Snyk API token and an org ID, supplied via `SNYK_API_KEY`/`SNYK_ORG_ID` environment variables, falling back to the locally configured Snyk CLI org if one isn't set explicitly. Install with `npx -y github:sammcj/mcp-snyk` in your MCP client config (Claude Desktop, Cursor, etc.). Typical use: ask Claude to "scan https://github.com/org/repo for security vulnerabilities using Snyk" and get back a structured findings summary instead of switching to the Snyk web console. Snyk's own engineering org separately maintains snyk/agentic-integration-wrappers, a set of wrappers for plugging Snyk scanning into agentic workflows more broadly — worth checking if this community MCP server doesn't cover your use case, since it isn't an official Snyk product and has no guaranteed support or roadmap.

🔒

SonarQube MCP Server

by SonarSource

LocalOfficial

The official SonarQube MCP Server, built and maintained by SonarSource, connects AI agents like Claude, Cursor, and VS Code Copilot to SonarQube Server or SonarQube Cloud so code quality and security become part of the agent's workflow rather than a separate CI step. Through it an assistant can pull the projects a token can see, retrieve open issues and code smells, inspect quality gate status and project metrics, and — notably — analyze a code snippet directly inside the agent context without the code first being committed and scanned by a pipeline, which lets Claude check its own just-written code against SonarQube's rules before you ever push. Authentication is a SonarQube user token supplied via the `SONARQUBE_TOKEN` environment variable; SonarQube Cloud users also set `SONARQUBE_ORG` (organization key), and self-hosted SonarQube Server users set `SONARQUBE_URL` to point at their instance (SonarQube Cloud US uses `https://sonarqube.us`). The server is distributed as a Java-based OCI container image at `sonarsource/sonarqube-mcp` on Docker Hub — run it with `docker run --pull=always -i --rm -e SONARQUBE_TOKEN -e SONARQUBE_ORG sonarsource/sonarqube-mcp`, or pin a version tag for reproducible deployments — and works with any OCI-compatible runtime such as Podman or nerdctl. SonarSource also provides an interactive Configuration Generator at mcp.sonarqube.com that emits ready-to-paste client config. Ideal for teams that want AI-assisted code review grounded in the same rules and quality gates their SonarQube project already enforces.

🔒

CrowdStrike Falcon

by CrowdStrike

LocalOfficial

Connects AI agents with the CrowdStrike Falcon platform for intelligent security analysis.

🔒

Auth0 MCP Server

by Auth0 (Okta)

LocalOfficial

The official Auth0 MCP server lets Claude, Cursor, and Windsurf manage an Auth0 tenant end-to-end through natural language instead of the dashboard — create applications, deploy Actions, debug logs, and manage resource servers just by asking. Its standout feature is the guided onboarding flow: the auth0_onboarding tool detects your project framework, creates a correctly configured Auth0 application, writes credentials straight into a .env file (auto-added to .gitignore), and hands off to auth0_get_quickstart_guide, which resolves callback URLs and returns framework-specific SDK integration code — taking a project from zero to a working Auth0 login in one guided conversation. Beyond onboarding, the tool surface spans Applications (list/get/create/update, plus credential export), Resource Servers/APIs (create and manage scopes, token lifetimes, signing algorithms), Application Grants (authorize M2M apps against specific APIs with defined scopes), Actions (create, update, and deploy post-login/pre-token logic), Logs (search and inspect authentication events, e.g. failed logins from a given IP), and Forms (build and publish branded login/signup/password-reset forms). Installs via npx with a device-authorization OAuth flow that stores credentials in your system keychain, supports Claude Desktop, Claude Code, Cursor, Windsurf, VS Code, Gemini CLI, and Codex, and exposes --tools/--read-only flags to scope down which operations an AI agent can perform — important given its Beta status and full read/write tenant access by default.

💻

Semgrep MCP Server

by Semgrep

Auth requiredOfficial

The official Semgrep MCP server lets an AI assistant run Semgrep — a fast, deterministic static analysis engine that semantically understands 30+ languages and ships over 5,000 security rules — directly against the code it is writing or reviewing, so you can "secure your vibe coding" without leaving Claude, Cursor, VS Code, or Windsurf. It exposes a focused tool surface: `security_check` scans code for vulnerabilities, `semgrep_scan` runs a scan with a given rule config, `semgrep_scan_with_custom_rule` applies a custom Semgrep rule you supply inline, `get_abstract_syntax_tree` returns the AST of a snippet so an agent can reason about code structure, `supported_languages` lists the languages Semgrep can parse, and `semgrep_rule_schema` fetches the latest rule JSON Schema for writing new rules. With a Semgrep AppSec Platform login and token, `semgrep_findings` pulls findings from your organization's cloud account. The server runs three ways — as a Python package via `uvx semgrep-mcp` (PyPI: semgrep-mcp), as a Docker container `ghcr.io/semgrep/mcp`, or against Semgrep's hosted endpoint at mcp.semgrep.ai — and supports stdio, Streamable HTTP, and SSE transports. Note: the standalone semgrep/mcp repository is now deprecated, with ongoing development folded into the main `semgrep` binary (semgrep/semgrep, under cli/src/semgrep/mcp), so future updates ship through the official Semgrep CLI itself.

Checked 8d ago

💻

Codacy

by Codacy

LocalOfficial

Interact with Codacy API to query code quality issues, vulnerabilities, and coverage insights.

💻

Qodana

by JetBrains

Local

Static code analysis by JetBrains.

🔒

Burp Suite MCP Server

by PortSwigger

LocalOfficial

The official Burp Suite MCP Server, published by PortSwigger, is a Burp extension that exposes Burp Suite's web-security testing engine to AI clients over the Model Context Protocol, letting Claude and other assistants drive live penetration-testing workflows against a target instead of just reasoning about them abstractly. It ships as a Java extension you load into Burp (built from source with `./gradlew embedProxyJar` to produce `burp-mcp-all.jar`, then added via the Extensions tab), and it bundles a packaged stdio MCP proxy alongside an SSE server so any MCP client can connect — Claude Desktop even gets an automatic installer that writes the client config for you. Once loaded, an MCP tab in the Burp UI controls the server: an Enabled checkbox toggles it, the host/port default to http://127.0.0.1:9876, and a separate opt-in checkbox is required before the assistant is allowed to expose config-editing tools, keeping destructive changes behind an explicit gate. Through these tools an AI client can interrogate and manipulate Burp's state — inspecting proxy history and HTTP traffic, sending and modifying requests, and coordinating scanning — which suits agentic security-testing, triage, and report-drafting workflows. Requires Java (with the `jar` command) on your PATH and a running Burp Suite instance. This is PortSwigger's own first-party server, so it tracks Burp's capabilities directly rather than screen-scraping the UI.

🔒

Cycode

by Cycode

LocalOfficial

Boost security via SAST, SCA, Secrets & IaC scanning with Cycode.

🔒

GitGuardian

by GitGuardian

LocalOfficial

Scan projects using GitGuardian's API with 500+ secret detectors to prevent credential leaks.

🔒

Endor Labs

by Endor Labs

LocalOfficial

Find and fix security risks in your code, scan and secure from vulnerabilities and secret leaks.

🔒

BoostSecurity

by BoostSecurity

LocalOfficial

MCP guardrails coding agents against introducing dependencies with vulnerabilities, malware.

🔒

Drata

by Drata

LocalOfficial

Experimental MCP server for real-time compliance intelligence into your AI workflows.

🔧

HashiCorp Vault

by hashicorp

LocalOfficial

Manage secrets and sensitive data stored in HashiCorp Vault. Read and write secrets, manage dynamic credentials, and handle PKI operations via AI.

🔒

Bitwarden

by bitwarden

LocalOfficial

Open-source password manager MCP. Access Bitwarden vaults, retrieve passwords and secure notes, manage collections, and generate strong passwords via AI.

🔒

Okta

by okta

LocalOfficial

Identity and access management MCP for Okta. Manage users, groups, and applications. Automate user provisioning, enforce policies, and audit access logs.

🔒

Wiz

by wiz-inc

LocalOfficial

Cloud security platform MCP for Wiz. Query misconfigurations, vulnerabilities, and security risks across multi-cloud environments with natural language.

🔒

Trivy

by aquasecurity

LocalOfficial

Comprehensive vulnerability scanner MCP. Scan container images, filesystems, and git repos for CVEs, misconfigurations, and secrets with Aqua's Trivy.

🔒

osquery

by osquery

LocalOfficial

Query operating system data using SQL via osquery. Inspect running processes, network connections, installed software, and system configurations on any OS.

🔒

Falco

by falcosecurity

LocalOfficial

Runtime security detection MCP for Falco. Monitor container and host activity, detect anomalous behavior, query security events, and investigate incidents.

🔒

Shodan

by achristmascarol

Local

Internet-connected device search engine MCP. Query Shodan for device information, CVEs, open ports, and internet exposure data for security research.

🔒

VirusTotal

by VirusTotal

LocalOfficial

Analyze files, URLs, and hashes for malware using VirusTotal's multi-engine scanner. Query threat intelligence, check IP reputation, and investigate IOCs.

🔒

Lacework

by lacework

LocalOfficial

Cloud security analytics MCP for Lacework. Investigate threats, query behavioral anomalies, and analyze cloud activity across AWS, Azure, and GCP.

🔒

Nmap

by nmap-mcp

Local

Network discovery and security scanning MCP using Nmap. Scan ports, detect services, identify OS fingerprints, and analyze network topology for security research.

🔒

JWT Tools

by jwt-mcp

Local

Encode, decode, and verify JSON Web Tokens via MCP. Inspect JWT claims, validate signatures, generate test tokens, and debug authentication issues.

🔧

Tailscale

by tailscale

LocalOfficial

Manage your Tailscale mesh VPN network via MCP. List devices, manage ACLs, view network status, and control peer connections across your tailnet.

🌐

IPInfo MCP

by briandconnelly

Local

IP address geolocation and network information using the IPInfo API. Look up any IP for location data, ASN, organization, carrier info, and abuse contact details.

🔒

HashiCorp Vault MCP

by hashicorp

Local

HashiCorp Vault secrets management MCP server. Read and write dynamic secrets, manage policies and tokens, rotate database credentials, retrieve PKI certificates, and query audit logs via Vault HTTP API.

🔒

Clerk MCP

by clerkinc

Local

Authentication and user management via Clerk. Manage users, organizations, and sessions, query sign-in attempts, configure multi-factor authentication, and handle JWT template settings through Clerk's Backend API.

🔒

Stytch MCP

by stytchauth

Local

Passwordless authentication APIs via Stytch. Manage users, configure magic links and OTP flows, handle OAuth sessions, query organization membership, and set up B2B authentication through Stytch's API.

🔧

Sumo Logic MCP

by SumoLogic

Local

Log management and security analytics via Sumo Logic. Run log queries with Sumo Logic Query Language, view dashboards, manage scheduled searches, and detect anomalies across cloud-native infrastructure.

🔒

NVD Vulnerability Database

by nist-community

Local

Query the NIST National Vulnerability Database (NVD) for CVEs, CVSS scores, affected software versions, and vulnerability details. Essential for security analysis and patch management.

🔒

Tenable

by tenable-community

Local

Integrate with Tenable's vulnerability management platform (Nessus, Tenable.io). Query scan results, asset vulnerabilities, risk scores, and remediation guidance across your infrastructure.

🔒

SentinelOne

by sentinelone-dev

Local

Connect to SentinelOne endpoint detection and response (EDR) platform. Query threat detections, investigate incidents, manage endpoint policies, and respond to security events.

🔒

Metasploit

by rapid7-dev

Local

Interface with Metasploit Framework's RPC API for authorized penetration testing. Query exploits, manage sessions, run modules, and generate reports for security assessments.

🔒

Burp Suite

by portswigger-dev

Local

Integrate with Burp Suite Professional for web application security testing. Scan web apps, intercept requests, run active/passive scans, and access vulnerability findings via the Burp REST API.

🔒

OpenVAS

by greenbone-community

Local

Open source vulnerability scanner integration. Trigger OpenVAS scans, retrieve vulnerability reports, manage scan targets, and analyze security findings via the GVM (Greenbone Vulnerability Management) API.

📋

ContractSafe

by contractsafe-eng

Local

Manage contracts intelligently with ContractSafe. Search contracts by clause, extract key dates and obligations, monitor renewal deadlines, flag missing fields, and generate contract summaries.

💬

Wire

by wireapp

Local

Interact with Wire secure messaging via Bot API. Send encrypted messages, manage group conversations, handle file transfers, and create automated wire bots for internal team communication.

🔒

Orca Security

by orca-security

Local

Query Orca Security cloud security posture management. Retrieve risks, vulnerabilities, and misconfigurations across AWS, Azure, and GCP. Investigate attack paths, compliance status, and asset inventories.

🔒

Wiz

by wiz-engineering

Local

Interface with Wiz cloud security platform. Query vulnerabilities, misconfigurations, and security issues across cloud infrastructure. Investigate risk graphs, compliance frameworks, and remediation priorities.

📊

Splunk

by splunk-community

Local

Query Splunk SIEM and observability platform via MCP. Run SPL searches, fetch log events, explore saved searches and dashboards, investigate security incidents, and correlate machine data for threat hunting workflows.

📊

Graylog

by graylog-community

Local

Query Graylog log management and SIEM platform via MCP. Search log streams using GELF queries, fetch alert conditions, access dashboards, correlate security events, and investigate incidents across distributed infrastructure.

🔒

Qualys VMDR

by qualys-community

Local

Connect to Qualys Vulnerability Management Detection and Response via MCP. Access vulnerability detections, asset inventory, patch management, compliance assessments, and web application scanning results. Automate vulnerability triage, remediation workflows, and security posture reporting.

🔒

Rapid7 InsightVM

by rapid7-community

Local

Integrate with Rapid7 InsightVM vulnerability management via MCP. Access vulnerability findings, asset details, scan results, remediation projects, and risk scores. Query InsightIDR for SIEM events, attacker behavior analytics, and incident response workflows.

🔒

VirusTotal

by virustotal-community

Local

Query VirusTotal threat intelligence platform via MCP. Submit files, URLs, domains, and IP addresses for malware analysis across 70+ antivirus engines, retrieve behavioral sandbox reports, look up historical scan results, access file relationship graphs, monitor watchlists for new detections, and pull threat actor attribution data.

🔒

MISP Threat Intelligence

by misp-project-community

Local

Connect to MISP (Malware Information Sharing Platform) via MCP. Query threat events, IoC attributes (hashes, IPs, domains, CVEs), galaxy clusters (threat actors, malware families), object relationships, sharing groups, and taxonomies. Automate threat hunting workflows, pull correlated attack patterns, and push new indicators from incident response.

🔒

JumpCloud Directory

by jumpcloud-community

Local

Connect to JumpCloud cloud directory platform via MCP. Manage users, groups, devices, and SSO applications. Query user authentication events, device compliance status, LDAP directory records, RADIUS policies, and MDM enrollment data. Automate user provisioning, group membership, and cross-OS device management workflows.

🔒

Cisco Duo Security

by duo-community

Local

Integrate with Cisco Duo MFA and zero-trust security platform via MCP. Query authentication logs, user enrollment status, device health assessments, bypass codes, and policy configurations. Access push notification histories, hardware token records, telephony credits, and administrator activity audits. Automate user access provisioning and MFA policy enforcement.

🔒

OneLogin IAM

by onelogin-community

Local

Connect to OneLogin identity and access management platform via MCP. Manage users, roles, and SAML/OIDC application assignments. Query login event streams, smart factor authentication policies, session anomaly alerts, directory connector sync status, and role-based access control configurations. Automate lifecycle management and access certification workflows.

🔒

Ping Identity

by ping-identity-community

Local

Integrate with Ping Identity enterprise IAM platform via MCP. Access PingFederate, PingAccess, and PingDirectory APIs to query user profiles, OAuth token metadata, SAML federation agreements, API gateway policies, and adaptive authentication risk scores. Manage identity population attributes, group hierarchies, and consent records for GDPR compliance.

🌐

Change Healthcare

by community

Local

Change Healthcare clinical data exchange API — process medical claims, eligibility checks, prior authorizations, and payment remittance for healthcare organizations.

🔒

Jumio Identity Verification

by community

Local

Jumio KYX platform API — trigger automated ID document verification, liveness checks, AML watchlist screening, and risk signals for onboarding flows. Supports 5,000+ ID types from 200+ countries.

🔒

Trulioo Global Identity Verification

by community

Local

Trulioo GlobalGateway API — verify identities worldwide using government databases, credit bureau data, and utility records. Supports KYC, KYB (business verification), AML screening, and document verification across 195+ countries.

🔒

Sumsub KYC Platform

by community

Local

Sumsub verification platform API — automate user identity verification, liveness detection, AML/PEP/sanctions screening, document OCR, and compliance checks for regulated industries including crypto, fintech, and gaming.

🔒

Onfido Identity Verification

by community

Local

Onfido Smart Capture SDK and API — automate biometric identity verification, facial similarity checks, document authenticity analysis, and fraud detection for global user onboarding and re-verification workflows.

🔒

Microsoft Sentinel

by microsoft

LocalOfficial

Official Microsoft Sentinel SIEM MCP server. Query security incidents, hunt threats using KQL, explore data tables, retrieve alerts, and automate security operations workflows directly from AI agents. Connects to Microsoft Sentinel's data lake via natural language.

🔒

GreyNoise

by pipeworx

Local

MCP server for GreyNoise internet scanner intelligence. Query IP reputation, identify mass-scanning noise vs targeted attacks, analyze threat context, and integrate GreyNoise Community and Enterprise APIs into AI-driven security investigations.

🔒

Have I Been Pwned

by pipeworx

Local

MCP server for the Have I Been Pwned data breach catalog. Check if email addresses or usernames appear in known breaches, query Pwned Passwords for compromised credentials, and integrate HIBP's breach database into security workflows and SOC investigations.

🔒

AlienVault OTX

by pipeworx

Local

MCP server for AlienVault Open Threat Exchange (OTX). Query threat indicators (IPs, domains, hashes, CVEs), retrieve pulse subscriptions, search IOCs, and integrate crowdsourced threat intelligence into AI security operations and incident response workflows.

🔒

SOCRadar

by socradar

Local

MCP server for SOCRadar extended threat intelligence. Access dark web monitoring, brand protection alerts, threat actor profiles, vulnerability intelligence, and attack surface management data. Enables AI-driven SOC analysis and proactive threat hunting.

🔒

Elastic Security

by elastic-community

Local

MCP server for Elastic Security SIEM and observability. Query indices, search security events, manage detection rules, analyze endpoint alerts, and run EQL/KQL searches across Elasticsearch clusters. Integrates with Elastic's security analytics and threat hunting workflows.

🔒

Kinde

by kinde-oss

Local

Kinde authentication and user management via MCP. Manage users, organizations, roles, and permissions. Trigger password resets, list active sessions, update user metadata, configure SSO, and audit authentication events. Modern auth platform for B2B SaaS applications.

🔒

Hanko

by teamhanko

Local

Hanko passwordless authentication via MCP. Manage passkeys, email magic links, and OAuth connections. List users, inspect authentication history, configure allowed authentication methods, and manage API keys. Open-source alternative to Auth0 with built-in passkey support.

🔒

Logto

by logto-io

Local

Logto open-source OIDC-based auth platform via MCP. Manage users, applications, roles, and permission scopes. Configure social connectors, MFA policies, and sign-in flows. Inspect audit logs and active sessions. Self-hostable alternative to Auth0 built on OIDC/OAuth 2.1.

🔒

Permit.io

by permitio

Local

Permit.io authorization-as-a-service via MCP. Define and sync RBAC, ABAC, and ReBAC policies. Manage roles, resources, and policy assignments. Audit authorization decisions, update policy rules, and sync user permissions across microservices without re-deploying application code.

🔒

OpenFGA

by openfga

LocalOfficial

OpenFGA fine-grained authorization via MCP. Define relationship-based access control (ReBAC) models, write and read relationship tuples, run authorization checks, and expand permissions graphs. Google Zanzibar-inspired open-source system used by companies like Okta, Auth0, and Twitch.

🔒

IBM OpenPages GRC

by IBM

LocalOfficial

IBM OpenPages Governance, Risk, and Compliance (GRC) platform integration via MCP. Query risk assessments, manage controls and issues, access compliance frameworks, interact with GRC workflows, and integrate AI-assisted risk analysis into enterprise governance processes.

☁️

Cisco Meraki MCP

by cisco-community

Local

Cisco Meraki cloud-managed networking MCP server. Query network topology, clients, alerts, and device health across Meraki MX, MR, MS, and MV products.

🔒

Palo Alto Panorama MCP

by paloaltonetworks-community

Local

Palo Alto Networks Panorama centralized firewall management MCP server. Query security policies, threat logs, and device status across your NGFW fleet.

🔒

FortiGate MCP

by fortinet-community

Local

Fortinet FortiGate next-generation firewall MCP server. Manage firewall policies, VPN tunnels, threat logs, and security profiles via FortiOS REST API.

🔒

MITRE ATT&CK MCP

by mitre-engenuity

Local

MITRE ATT&CK framework MCP server. Search adversary tactics, techniques, and procedures (TTPs), map attack patterns, and query STIX data for threat modeling.

🔒

OpenCTI MCP

by OpenCTI-Platform

Local

OpenCTI cyber threat intelligence platform MCP server. Query threat actors, malware, indicators of compromise, and relationships in your CTI knowledge base.

🔒

TheHive MCP

by StrangeBee

Local

TheHive scalable DFIR and SOC platform MCP server. Create and manage cases, alerts, observables, and tasks for incident response workflows.

🔒

Vanta MCP

by vanta-inc

LocalOfficial

Vanta security compliance automation MCP server. Query SOC 2, ISO 27001, HIPAA, and PCI DSS compliance status, manage controls, view test results, and track remediation.

🔒

Secureframe MCP

by secureframe

LocalOfficial

Secureframe compliance platform MCP server. Automate SOC 2 and ISO 27001 readiness, query control status, manage vendor assessments, and track compliance evidence.

🔒

Sprinto MCP

by sprinto-inc

Local

Sprinto compliance management MCP server for fast-growing startups. Query SOC 2 controls, manage evidence collection, view auditor-ready reports, and track compliance tasks.

🔒

Scrut Automation MCP

by scrut-io

Local

Scrut.io compliance automation MCP server. Manage risk assessments, security policies, vendor questionnaires, and SOC 2/ISO 27001/GDPR compliance workflows.

🔧

Istio Service Mesh MCP

by Community

Local

Configure Istio traffic management, mTLS policies, service entries, and observability for Kubernetes services.

🔒

Keycloak MCP

by Community

Local

Manage Keycloak realms, clients, users, roles, and identity provider configurations.

🔒

AWS Cognito MCP

by Community

Local

Manage AWS Cognito user pools, identity pools, users, groups, and app client configurations.

🔒

WorkOS MCP

by WorkOS

Local

Integrate enterprise SSO, directory sync, audit logs, and magic auth via WorkOS APIs.

🔒

Descope MCP

by Descope

Local

Build and manage authentication flows, passkeys, MFA, and user management with Descope.

🔧

Sonatype Nexus Repository

by Community

Local

Manage artifacts in Sonatype Nexus Repository — search Maven/npm/Docker components, check vulnerability data via OSS Index, and manage repository policies.

🌐

Arlo

by Arlo Technologies

Local

Integrate with Arlo smart security cameras. Access live streams, motion alerts, recordings, and device controls.

🔧

Kong Gateway MCP

by kong

Local

Kong API Gateway management — configure routes, plugins, consumers, upstreams, and rate limits via MCP.

🔒

OWASP ZAP MCP

by community

Local

OWASP ZAP security scanner — launch active scans, spider URLs, and retrieve vulnerability findings via MCP.

🔒

OneTrust MCP

by community

Local

OneTrust privacy and compliance management — access consent data, DSRs, assessments, and compliance workflows.

🔒

HIPAA Vault MCP

by hipaa-community

Local

HIPAA-compliant secure data vault API — store, encrypt, and retrieve Protected Health Information (PHI) with full audit logging. Supports BAA agreements, de-identification workflows, and consent management for healthcare applications.

🔒

Signifyd Fraud Protection MCP

by signifyd-community

Local

Signifyd commerce fraud protection API — automate order decisions with guaranteed fraud protection. Submit orders for review, query fraud scores, manage policies, monitor chargeback disputes, and analyze decline rates across payment channels.

🔒

Kount Fraud Prevention MCP

by kount-community

Local

Kount (Equifax) fraud prevention API — real-time risk assessments, device fingerprinting, and identity trust signals. Query Kount's AI-driven fraud scores, manage custom rules, and monitor account takeover patterns across digital transactions.

🔒

Shodan MCP

by community

Local

Shodan internet-wide scanner API — query exposed services, CVEs, banners, and IP intelligence for security research and asset discovery.

🔒

Tenable Nessus MCP

by tenable

Local

Tenable Nessus vulnerability scanner API — launch scans, retrieve findings, track remediation status, and export vulnerability reports.

🔒

US Compliance MCP

by Ansvar-Systems

Local

MCP server for US cybersecurity and privacy regulations including HIPAA, CCPA, GLBA, FERPA, and COPPA compliance reference material.

🔒

MCP Provenance Monitor

by letmaik

Local

Security monitoring MCP that tracks the supply chain provenance of local MCP servers ensuring integrity and preventing tampering.

🔒

Snyk Security MCP

by community

Local

Scan code, containers, and infrastructure for vulnerabilities using Snyk with automatic fix suggestions, license compliance checking, and developer security workflows.

🌐

Drata GRC MCP

by community

Local

Connect to Drata governance, risk, and compliance platform for continuous control monitoring, evidence collection, risk assessments, and multi-framework compliance automation.

🔒

Checkmarx SAST MCP

by community

Local

Integrate Checkmarx application security testing for static code analysis (SAST), software composition analysis (SCA), IaC security scanning, and API security testing in CI/CD.

🔒

Veracode Security MCP

by community

Local

Connect to Veracode application security platform for static analysis, dynamic analysis (DAST), software composition analysis, penetration testing management, and policy compliance.

🔒

SonarCloud MCP

by community

Local

Access SonarCloud cloud-based code quality and security platform for continuous code inspection, technical debt tracking, security hotspots, and code coverage analysis in CI/CD.

🔒

Grype Vulnerability Scanner MCP

by community

Local

Use Grype open-source container and filesystem vulnerability scanner for SBOM-based vulnerability detection, CVE lookups, policy enforcement, and CI/CD security gates.

🔒

Syft SBOM Generator MCP

by community

Local

Generate Software Bill of Materials (SBOM) with Syft for containers, filesystems, and package managers — producing CycloneDX or SPDX format SBOMs for compliance and supply chain security.

🔒

Aqua Security MCP

by community

Local

Integrate Aqua Security cloud-native security platform for container scanning, Kubernetes runtime protection, serverless security, CI/CD pipeline security, and compliance automation.

🔒

Sysdig Secure MCP

by community

Local

Connect to Sysdig cloud security platform for runtime threat detection, vulnerability management, cloud security posture management (CSPM), and Kubernetes security monitoring.

🔒

Cybereason EDR MCP

by community

Local

Access Cybereason endpoint detection and response platform for threat hunting, malicious operation detection, automated remediation, and ransomware protection across enterprise endpoints.

🔒

VMware Carbon Black MCP

by community

Local

Integrate VMware Carbon Black endpoint security for EDR, antivirus, device control, audit and remediation, and behavioral detection for enterprise security operations centers.

🔒

Exabeam SIEM MCP

by community

Local

Connect to Exabeam security information and event management for behavioral analytics, threat detection, UEBA, automated investigation, and security operations center workflows.

🔒

Darktrace AI Security MCP

by community

Local

Integrate Darktrace AI cybersecurity platform for self-learning threat detection, autonomous response, email security, cloud security posture, and zero-trust enforcement.

🌐

Veriff MCP

by community

Local

Automate identity verification workflows with Veriff AI-powered KYC — document verification, biometric matching, liveness detection, AML screening, and compliance reporting for regulated industries.

🌐

Persona Identity MCP

by community

Local

Orchestrate Persona identity verification flows via API — document ID checks, selfie verification, database lookups, adverse media screening, and custom inquiry workflows for fintech and marketplace compliance.

🌐

Socure MCP

by community

Local

Integrate Socure identity verification for real-time fraud prevention — predictive analytics for identity fraud, document verification, watchlist screening, and KYC/AML compliance for financial services.

☁️

Google Workspace Admin MCP

by community

Local

Administer Google Workspace organizations — manage users, groups, and organizational units, configure domain settings, monitor audit logs, handle device management, and automate onboarding and offboarding workflows via Admin SDK.

🌐

Sardine Fraud Detection MCP

by community

Local

Integrate with Sardine fraud and compliance platform — query device intelligence signals, behavioral biometrics risk scores, transaction risk assessments, AML alert queues, and KYC verification results, manage rule overrides, and retrieve fraud case timelines.

🌐

Checkr Background Checks MCP

by community

Local

Automate employment background screening via Checkr — initiate candidate invitations, retrieve report status and assessment results, manage packages and geos, query adverse action workflows, retrieve continuous check alerts, and access candidate records via the Checkr REST API.

🔒

Palo Alto Panorama MCP

by community

Local

Centralized firewall management via Palo Alto Panorama API — query security policy rules and NAT policies, retrieve threat logs and traffic analytics, manage address objects and service groups, push configuration changes across device groups, retrieve device health and resource utilization, manage security profiles, and audit configuration diffs and compliance posture.

🔒

Check Point SmartConsole MCP

by community

Local

Firewall policy management via Check Point Management API — query and create security rules and access control policies, manage network objects and host definitions, retrieve threat prevention logs and IPS signatures, publish and install policy changes, monitor gateway health, retrieve VPN tunnel status, and audit security policy compliance.

🔒

Barracuda Networks MCP

by community

Local

Email security and network protection via Barracuda API — manage email firewall policies and sender allow/block lists, retrieve threat logs and quarantine reports, query web filtering rules and user activity, manage backup jobs and recovery points, access intrusion detection alerts, configure ATP threat definitions, and monitor gateway performance metrics.

🔒

SonicWall MCP

by community

Local

Network security management via SonicWall NSM API — query firewall rules and access policies, retrieve VPN tunnel status and user sessions, monitor threat events and IPS signatures, manage address objects and service groups, retrieve bandwidth utilization and interface statistics, configure content filtering rules, and manage SonicWall device fleet from a centralized dashboard.

🔒

Acronis Cyber Protect MCP

by community

Local

Data protection and cybersecurity via Acronis Cyber Cloud API — manage backup plans and policies, retrieve backup status and restore points for endpoints and workloads, initiate recovery operations, monitor antimalware scan results and threat detections, retrieve patch management status and vulnerability assessments, manage tenant hierarchies, and track storage consumption and quota usage.

🔒

TrustArc Privacy MCP

by community

Local

Privacy compliance management via TrustArc API — manage consent records and data subject request workflows, retrieve privacy assessment status and findings, manage cookie consent banners and opt-out preferences, access data inventory and processing activity records, track regulatory compliance across GDPR, CCPA, and other frameworks, manage vendor risk assessments, and generate privacy compliance reports.

🔒

CyberArk PAM MCP

by community

Local

Privileged access management via CyberArk REST API — retrieve and rotate credentials from the Digital Vault, manage safe permissions and member assignments, query privileged session recordings and audit logs, manage account onboarding and platform policies, retrieve just-in-time access requests, monitor dual control approvals, access threat analytics and risk scores, and integrate with SIEM and ticketing systems.

🔒

BeyondTrust MCP

by community

Local

Privileged identity and remote access management via BeyondTrust API — manage privileged credentials and rotation schedules, retrieve session recordings and keystroke logs, manage remote support sessions and endpoints, query least privilege policy violations, access password vault contents with policy enforcement, manage role-based access and approval workflows, and integrate with ticketing systems for session authorization.

📋

DocuSign Notary MCP

by community

Local

Orchestrate remote online notarization workflows via DocuSign Notary — initiate RON sessions, invite signers and notaries, manage identity verification steps, track notarization status in real time, retrieve completed notarized documents with tamper-evident seals, and integrate notarization into broader DocuSign eSignature agreement workflows.

🔒

Eufy Security MCP

by community

Local

Integrate with Eufy Security cameras, doorbells, and smart home devices — access live streams and motion event recordings, manage device settings and notification preferences, control Eufy SmartLock access and access codes, query HomeBase event history, manage Eufy RoboVac cleaning schedules, and integrate Eufy security device data into home automation and monitoring workflows.

🔒

SailPoint IdentityNow MCP

by community

Local

Manage enterprise identity governance via SailPoint IdentityNow — query user identities and access entitlements, run access certification campaigns, manage provisioning policies, detect access anomalies and risky entitlements, trigger deprovisioning workflows, pull compliance reports for SOX and SOC 2 audits, manage role mining, and automate joiner-mover-leaver processes.

🔒

HashiCorp Vault MCP

by community

Local

Manage secrets and encryption via HashiCorp Vault — read and write secrets from KV secret engines, generate dynamic database and cloud credentials, manage PKI certificates, access AppRole and Kubernetes auth methods, rotate static secrets, query audit logs, manage policies and tokens, and integrate secrets management into CI/CD pipelines and infrastructure automation.

🔒

1Password MCP

by community

Local

Access 1Password secrets and vaults via the 1Password CLI and Connect API — retrieve secrets by reference path, query vault items, manage secrets in CI/CD environments, inject environment variables from vault, list team vaults and permissions, rotate credentials, manage service account tokens, and integrate secrets retrieval into development and deployment workflows.

🔒

Bitwarden MCP

by community

Local

Access Bitwarden password manager and secrets via the Bitwarden CLI and Secrets Manager API — retrieve login credentials, secure notes, and card data from vaults, manage shared organization collections, query secrets for machine accounts, sync vault state, generate strong passwords, manage item access policies, and integrate secrets retrieval into developer workflows.

🔒

Keeper Security MCP

by community

Local

Integrate Keeper Security enterprise password and secrets management — retrieve credentials from shared vaults, manage team folders and permissions, access Keeper Secrets Manager for DevOps secrets injection, pull admin reports on password hygiene and MFA enrollment, manage user provisioning via SCIM, rotate privileged account credentials, and audit vault access logs.

☁️

Akamai MCP

by community

Local

Manage Akamai CDN and cloud security via the Akamai APIs — configure property rules and caching behaviors, purge cached content, manage WAF and DDoS protection configurations, access real-time traffic analytics, handle edge logic and redirect rules, manage SSL/TLS certificates, query security event logs, manage Ion and Adaptive Acceleration settings, and pull performance insights.

🔧

Doppler MCP

by community

Local

Manage secrets and environment configurations via the Doppler API — fetch secrets for any project, config, and environment; inject environment variables into local dev and CI/CD pipelines; sync secrets across staging, production, and review environments; manage access controls and service tokens; audit secret access logs; rotate API keys; and build automated secret management workflows.

🔧

Infisical MCP

by community

Local

Access Infisical open-source secrets management via their API — read and write secrets across projects and environments; manage secret folders, tags, and overrides; pull secrets for dynamic injection into apps and CI/CD; configure service tokens and machine identities; audit secret change history; sync with AWS Secrets Manager, Azure Key Vault, and GCP Secret Manager; and manage team permissions.

🔧

.env Vault MCP

by community

Local

Sync and manage .env files across teams via Dotenv Vault — push and pull encrypted .env files to the vault, manage environment-specific configs for development, staging, and production, share secrets with teammates securely, generate .env.vault encrypted backup files, integrate with CI/CD pipelines for automatic secret injection, and audit who accessed which environment variables.

📊

Sphera

by Sphera

Local

Integrated risk management and sustainability software. Manage EHS, product stewardship, supply chain risk, and ESG reporting from a single platform.

🔒

Saviynt

by Saviynt

Local

Cloud-first identity governance and administration platform. Manage access lifecycle, privileged access, and application GRC with ML-powered risk analytics.

🔒

Varonis

by Varonis

Local

Data security platform protecting sensitive data across cloud and on-prem. Detect and respond to threats, manage permissions, and monitor data activity in real time.

🔒

Delinea

by Delinea

Local

Privileged access security platform (formerly Thycotic/Centrify). Manage privileged credentials, enforce least privilege, and audit all privileged activity.

🔒

GitHub Dependabot MCP

by community

Local

Manage GitHub Dependabot security alerts and updates via the GitHub REST API — list and triage dependency vulnerabilities, retrieve CVSS scores and affected packages, dismiss or escalate security alerts, access auto-merge pull request statuses, query version update configurations, bulk-update Dependabot PRs, and integrate automated dependency security management into AI-driven DevSecOps workflows.

Sponsored

1Password

14-day Free Trial

Store and inject API keys, payment credentials, tokens, and file access secrets into your MCP server configs. Trusted by 150K+ developers.

Try 1Password free →