Aderyn is an open - source Solidity smart contract static analysis tool written in Rust, which helps developers and security researchers discover vulnerabilities in Solidity code. It supports Foundry and Hardhat projects, can generate reports in multiple formats, and provides a VSCode extension.

Cycode CLI is a locally installed application used to scan code repositories for security vulnerabilities, including sensitive information leakage, Infrastructure as Code misconfigurations, Software Composition Analysis vulnerabilities, and Static Application Security Testing issues. This tool supports multiple scan types, such as repository scanning, path scanning, and commit history scanning, and provides an ignore rule function to exclude specific results.

MCP Server Semgrep is a server that complies with the Model Context Protocol standard, integrating the Semgrep static analysis tool with an AI assistant to provide code security analysis, quality improvement, and vulnerability detection functions. The project simplifies the architecture design, supports multi - platform operation, can be installed in multiple ways, and provides a rich set of code analysis functions.

SCAST is a programming tool that converts code into UML diagrams and flowcharts, supports multiple languages, and provides static analysis and visualization functions.

SCAST is a programming tool that converts code into UML diagrams and flowcharts, supports multiple languages, and helps understand code structure through static analysis and visualization.

A Semgrep server based on the MCP protocol for integrating static code analysis and rule management into the development environment.

This is an MCP server for code analysis and web scraping. It supports code quality checking, dependency analysis, static/dynamic web scraping, and API discovery, providing development tools for AI assistants.

An MCP service that provides static analysis of Clojure code

PMD is an extensible multilingual static code analysis tool mainly used to detect common programming defects in languages such as Java and Apex. It supports 16 languages and more than 400 built - in rules and includes a duplicate code detection function.

This is a security analysis MCP server based on Symbiotic CLI, which provides code and infrastructure security scanning tools for compatible clients through the MCP protocol, supporting static analysis, vulnerability detection, and automatic repair suggestions.

Quack is a continuous integration server based on the MCP protocol, focusing on the automated analysis and testing of Python code. It provides functions such as code style checks and static type analysis.

The code review MCP server based on Gemini CLI provides structured code review functions for AI assistants by automatically collecting local code differences and static analysis results.

The Inkog MCP Server is a code security scanning and compliance verification tool specifically designed for AI agent development. It provides functions such as static analysis, governance file verification, MCP server audit, and multi - framework compliance report generation to help developers detect logical defects and security vulnerabilities early in the development process.

A Semgrep server based on the MCP protocol for integrating the static code analysis tool Semgrep into the development environment, supporting rule management and scanning functions.

A GitHub PR code review tool based on Cursor AI that automatically performs static analysis, security scans, and tests through the local toolchain and generates Markdown reports.