#sast

Dead code detection, security scanning, and code quality analysis for Python, TypeScript, and Go. 98% recall with 3x fewer false positives than Vulture. 5 tools: analyze, security_scan, quality_check, secrets_scan, remediate. AI-powered auto-fix agent.

Plugin for JADX to integrate MCP server

Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning

The SonarQube MCP Server is a Model Context Protocol (MCP) server that enables seamless integration with SonarQube Server or Cloud for code quality and security. It also supports the analysis of code snippet directly within the agent context.

Code Pathfinder's MCP Server provides AI coding assistants like Claude Code with deep semantic understanding of codebases through call graph analysis, symbol search, and dependency tracking. It enables developers to ask natural language questions like "who calls this function?" instead of manually using grep or searching code. The tool runs 100% locally (your code never leaves your machine), is free and open-source under AGPL-3.0, and installs in under 5 minutes. [codepathfinder](https://codepathfinder.dev/mcp)

Security MCP server with 300+ rules for AI-generated code. Scans Next.js, Supabase, Clerk, Stripe, Prisma, Hono, GraphQL, and 20+ modules. Zero config, runs locally.