Tools

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

Open-source file upload security for Node.js. Scan files before storage to detect malware, MIME spoofing, and risky archives.

Find, verify, and analyze leaked credentials

Open-source AWS security scanner with attack chain detection, breach cost estimation, and copy-paste remediation (CLI + Terraform). 47 checks, 16 attack chain rules. First free standalone AWS security MCP server.

Open-source security reports — no paywalls, just actionable insights.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

A vulnerability scanner for container images and filesystems

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

7 SQL tools (validate, format, parse, lint, security scan, metadata extraction, full analysis) over Streamable HTTP. Public remote server at mcp.gosqlx.dev - no install needed. 1.25M+ ops/sec, 6 SQL dialects.

unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock

Open Source Cloud Native Application Protection Platform (CNAPP)