Best MCP Servers for Security in 2026
Security tooling is one of the fastest-growing categories in the MCP ecosystem. Agents that can scan code, manage secrets, and check compliance posture give security teams leverage they've never had before. We scored 614 security-category tools in the AgentRank index. These are the ones worth integrating.
Top security MCP servers
Ranked by the composite AgentRank score — a weighted blend of stars (15%), freshness (25%), issue health (25%), contributors (10%), and inbound dependents (25%). Average score across all 614 security tools is 38.7. The tools below are in the top tier.
| # | Repository | Description | Score | Stars | Use Case | Lang |
|---|---|---|---|---|---|---|
| 1 | snyk/snyk-mcp-server | Official Snyk MCP server — scan code, containers, and IaC for vulnerabilities | 87.23 | 892 | Vulnerability Scanning | TypeScript |
| 2 | hashicorp/vault-mcp-server | Official HashiCorp Vault MCP server for secrets management and PKI operations | 85.91 | 743 | Secrets Management | Go |
| 3 | aquasecurity/trivy-mcp | Official Trivy MCP server — container and filesystem vulnerability scanning | 82.14 | 534 | Container Security | Go |
| 4 | semgrep/semgrep-mcp | Official Semgrep MCP server — static analysis and SAST for code security | 80.67 | 661 | SAST / Static Analysis | Python |
| 5 | prowler-cloud/prowler-mcp | Cloud security posture management via MCP — AWS, GCP, Azure compliance checks | 76.88 | 489 | Cloud Security / CSPM | Python |
| 6 | owasp/zap-mcp-server | Official OWASP ZAP MCP server for web application penetration testing | 74.32 | 812 | Web App Pentesting | Java |
| 7 | trufflesecurity/trufflehog-mcp | Official TruffleHog MCP server — scan repos for leaked secrets and credentials | 71.55 | 377 | Secrets Detection | Go |
Choosing by use case
Vulnerability scanning (code and dependencies)
snyk/snyk-mcp-server is the top-scoring security tool in the index at 87.23. The official Snyk server covers four vectors: code vulnerabilities (SAST), open source dependency scanning, container image scanning, and IaC misconfiguration detection. It has 19 contributors and active commits. If you need a single server that handles the full vulnerability surface, this is it.
Secrets management
hashicorp/vault-mcp-server is the official HashiCorp server at 85.91. Agents can read and write secrets, manage dynamic credentials, generate PKI certificates, and handle lease renewals — all through natural language instructions to the agent. It has 22 contributors and is implemented in Go. The correct choice for any org already running Vault.
Container security
aquasecurity/trivy-mcp brings the Trivy scanner into the MCP ecosystem at 82.14. Trivy is the standard open-source container vulnerability scanner — CVE detection, SBOM generation, IaC scanning. The official Aqua Security server means you get upstream support when the CVE database changes or Trivy adds new scan targets.
Static analysis and SAST
semgrep/semgrep-mcp scores 80.67 with 18 contributors and a March commit. The official Semgrep server lets agents run any of Semgrep's 3,000+ community rules or custom rules you write. Particularly useful for enforcing security patterns in code review workflows — the agent runs Semgrep on each PR diff and surfaces findings directly.
Cloud security posture (CSPM)
prowler-cloud/prowler-mcp has the highest contributor count in this list at 31, scoring 76.88. Prowler runs 400+ compliance and security checks across AWS, GCP, and Azure — CIS benchmarks, SOC2, GDPR, HIPAA, and more. The community server is more battle-tested than most of the official alternatives in this space.
Web application penetration testing
owasp/zap-mcp-server is the official OWASP ZAP server at 74.32. ZAP is the standard open-source DAST tool — web application scanning, fuzzing, and interception proxy. The MCP interface lets agents drive automated DAST scans, interpret findings, and suggest remediations. It has 28 contributors and strong community backing behind the OWASP organization.
Secrets detection (leaked credentials)
trufflesecurity/trufflehog-mcp scores 71.55. The official TruffleHog server scans git repos, filesystems, and CI pipelines for 800+ types of credentials — API keys, tokens, private keys, passwords. Useful as a pre-commit hook agent or as part of a post-merge security pipeline.
Security-specific considerations
Permission scoping matters more here than anywhere
Security tools often need elevated permissions to do their job — read access to secrets, ability to run scans against production systems, access to cloud APIs. Before integrating any security MCP server, explicitly define what permissions the agent should have and apply least-privilege. The server's documentation should enumerate required permissions clearly. If it doesn't, treat that as a red flag.
Official servers are especially important for security tooling
For security tools specifically, prefer official servers over community alternatives wherever they exist. A community-maintained wrapper around Vault or Snyk could have bugs that result in secrets exposure or false negatives on vulnerability scans. The stakes are higher than a database query returning stale data. Official vendor servers have security review processes and responsible disclosure pipelines.
Audit your agent's outputs
Security scanning agents are only useful if their findings are acted on. Don't just pipe scan results into a log file. Route high-severity findings to your ticketing system, alert on critical CVEs immediately, and track resolution rates. The MCP server does the detection; your workflow does the response.
Watch for scope creep
Security agents have a tendency to grow permissions over time as new scan types are added. Review the permissions of security-related MCP servers quarterly — both what the server requests and what the agent using it has been granted in your environment.