security.json (7.64 kB)
{ "security": { "sast": [ { "id": "sonarqube", "name": "SonarQube", "type": "SAST", "languages": [ "Java", "JS", "TS", "Python", "C#", "Go" ] }, { "id": "checkmarx", "name": "Checkmarx", "type": "SAST", "languages": [ "40+ languages" ] }, { "id": "veracode", "name": "Veracode", "type": "SAST/DAST", "languages": [ "Enterprise" ] }, { "id": "snyk-code", "name": "Snyk Code", "type": "SAST", "languages": [ "JS", "TS", "Python", "Java", "Go" ] }, { "id": "semgrep", "name": "Semgrep", "type": "SAST", "languages": [ "Pattern-based" ] }, { "id": "codeql", "name": "CodeQL", "type": "SAST", "languages": [ "GitHub native" ] } ], "dast": [ { "id": "owasp-zap", "name": "OWASP ZAP", "type": "DAST", "features": [ "Open-source", "Proxy", "Scanner" ] }, { "id": "burp-suite", "name": "Burp Suite", "type": "DAST", "features": [ "Proxy", "Scanner", "Intruder" ] }, { "id": "acunetix", "name": "Acunetix", "type": "DAST", "features": [ "7000+ vulnerabilities" ] }, { "id": "invicti", "name": "Invicti", "type": "DAST", "features": [ "Proof-based scanning" ] }, { "id": "stackhawk", "name": "StackHawk", "type": "DAST", "features": [ "CI/CD native", "API testing" ] } ], "sca": [ { "id": "snyk", "name": "Snyk", "type": "SCA", "features": [ "Dependencies", "Containers", "IaC" ] }, { "id": "mend", "name": "Mend.io", "type": "SCA", "features": [ "Open source", "License compliance" ] }, { "id": "dependabot", "name": "Dependabot", "type": "SCA", "features": [ "GitHub native", "Auto-PRs" ] }, { "id": "owasp-dc", "name": "OWASP Dependency-Check", "type": "SCA", "features": [ "Open-source", "NVD" ] } ], "secrets": [ { "id": "gitguardian", "name": "GitGuardian", "type": "Secrets", "features": [ "Real-time", "Pre-commit" ] }, { "id": "trufflehog", "name": "TruffleHog", "type": "Secrets", "features": [ "Git history", "Open-source" ] }, { "id": "gitleaks", "name": "Gitleaks", "type": "Secrets", "features": [ "Fast", "TOML config" ] } ] }, "compliance": { "owasp": { "name": "OWASP Top 10", "categories": [ 
"A01: Broken Access Control", "A02: Cryptographic Failures", "A03: Injection", "A04: Insecure Design", "A05: Security Misconfiguration", "A06: Vulnerable and Outdated Components", "A07: Identification and Authentication Failures", "A08: Software and Data Integrity Failures", "A09: Security Logging and Monitoring Failures", "A10: Server-Side Request Forgery" ] }, "pci-dss": { "name": "PCI-DSS", "scope": "Payment card data", "requirements": [ "Secure network", "Protect cardholder data", "Vulnerability management", "Access control", "Monitoring", "Security policy" ] }, "hipaa": { "name": "HIPAA", "scope": "Protected Health Information (PHI)", "rules": [ "Privacy Rule", "Security Rule", "Breach Notification Rule" ] }, "soc2": { "name": "SOC2", "criteria": [ "Security", "Availability", "Processing Integrity", "Confidentiality", "Privacy" ] }, "iso27001": { "name": "ISO 27001", "scope": "Information Security Management System (ISMS)", "principles": [ "Security by design", "Risk assessment", "Continuous improvement" ] }, "gdpr": { "name": "GDPR", "scope": "EU personal data", "principles": [ "Lawfulness", "Purpose limitation", "Data minimization", "Accuracy", "Storage limitation", "Security", "Accountability" ] } }, "bestPractices": { "cors": [ "Use an origin whitelist", "Avoid wildcard origins", "Credentials handling" ], "authentication": [ "OAuth 2.0", "OIDC", "JWT", "SAML", "MFA", "Passwordless" ], "authorization": [ "RBAC", "ABAC", "Policy-based", "Least privilege" ], "encryption": [ "TLS 1.3", "AES-256", "RSA-2048+", "HTTPS everywhere", "Encrypt at rest" ], "apiSecurity": [ "Rate limiting", "Input validation", "Output encoding", "API keys", "OAuth scopes" ] } }
