"A server for finding information about Checkmarx application security testing software" matching MCP tools:

• inspect_security_headers

  Ground Truth - First Call Activation

  Fetch a public URL and inspect security-relevant response headers before you claim that a product or endpoint has a strong browser-facing security baseline. Use this for quick due diligence on public apps and docs sites. It checks for common headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options. It does not replace a real security review, authenticated testing, or vulnerability scanning.

  Connector

• switch_dannet_server

  dannet

  Switch between local and remote DanNet servers on the fly. This tool allows you to change the DanNet server endpoint during runtime without restarting the MCP server. Useful for switching between development (local) and production (remote) servers. Args: server: Server to switch to. Options: - "local": Use localhost:3456 (development server) - "remote": Use wordnet.dk (production server) - Custom URL: Any valid URL starting with http:// or https:// Returns: Dict with status information: - status: "success" or "error" - message: Description of the operation - previous_url: The URL that was previously active - current_url: The URL that is now active Example: # Switch to local development server result = switch_dannet_server("local") # Switch to production server result = switch_dannet_server("remote") # Switch to custom server result = switch_dannet_server("https://my-custom-dannet.example.com")

  Connector

• seneschal_private_watch_derive_viewkey

  Seneschal Data

  Hands a 12- or 24-word seed phrase to NFPT's orchard-scanner CLI, returns the matching UFVK. FREE but rate-limited to 6/minute/IP. Be loud about the security trade-off: the phrase transits our server (no logging, no persistence) but a network observer between you and us would see the bytes. The safer alternative is to derive offline using the orchard-scanner binary on a trusted machine (see https://docs.seneschal.space/derive-locally). A UFVK is read-only; it cannot spend funds.

  Connector

• package_health

  dynamic-feed

  Health & security posture of a software package (npm / PyPI / Go / Maven / Cargo / NuGet / RubyGems) from deps.dev (Google Open Source Insights, keyless): latest version, license, count of known security advisories, the OpenSSF Scorecard (0-10 security-posture score for the source repo + its weakest checks) and popularity (stars/forks). The "should I depend on this?" check — pairs with check_vulnerability (is a version vulnerable) and software_version (is the runtime current). Args: package (e.g. "lodash", "requests"), ecosystem (npm|pypi|go|maven|cargo|nuget|rubygems), version (optional — defaults to the latest).

  Connector

• get_job

  JobGPT

  Get detailed information about a specific job listing/posting by its job listing ID (not application ID). Use this to view the full job posting details including description, salary, skills, and company info. For job application details, use get_application instead.

  Connector

• guides.get

  AI Design Blueprint Doctrine

  Get a full application guide by its stable slug (e.g. 'security-application', 'observable-evaluation'). Returns sections, action items, and linked principles. Use this when you already have the guide slug from guides.list or guides.search. Prefer guides.search when the user describes a topic in natural language; prefer guides.list when you need the full inventory.

  Connector

• guides.get

  AI Design Blueprint Doctrine

  Get a full application guide by its stable slug (e.g. 'security-application', 'observable-evaluation'). Returns sections, action items, and linked principles. Use this when you already have the guide slug from guides.list or guides.search. Prefer guides.search when the user describes a topic in natural language; prefer guides.list when you need the full inventory.

  Connector

• get_investment_category_signal

  Stratalize Healthcare

  Use when evaluating VC software category attractiveness or assessing portfolio category exposure before an investment decision. Returns growth signal, top brands, and citation evidence for any software category. Example: AI infrastructure category — GROWTH signal, top brands Nvidia 67% citation share, Anthropic 18%, xAI 9% — accelerating citation growth signals sustained investment thesis. Source: Stratalize citation heuristics.

  Connector

• guides.list

  AI Design Blueprint

  List application guides that show how Blueprint principles apply to engineering challenges (security, evaluation, observability, etc.). Use this to discover which guides exist before drilling in. Prefer guides.search when the user describes a topic or failure mode in natural language. Prefer guides.get when you already know the guide slug and need full detail.

  Connector

• guides.get

  AI Design Blueprint

  Get a full application guide by its stable slug (e.g. 'security-application', 'observable-evaluation'). Returns sections, action items, and linked principles. Use this when you already have the guide slug from guides.list or guides.search. Prefer guides.search when the user describes a topic in natural language; prefer guides.list when you need the full inventory.

  Connector

• assessment_get_cross_server_routes

  website-search

  Get Lenny Zeltser's Security Assessment cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `assessment_load_context`. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis.

  Connector

• pentest_lookup_technique

  pentest-mcp-server

  Look up a MITRE ATT&CK technique by ID or keyword for authorized penetration testing and security research. Returns the full technique record: name, associated tactics, description, detection opportunities (log sources, behavioral indicators), real-world procedure examples from public reporting, recommended mitigations, and related sub-techniques. The detection and mitigation sections make this equally useful for defenders building detection coverage. Accepts exact IDs (T1190, T1059.001) or keyword search (e.g., "sql injection", "pass the hash", "web shell upload").

  Connector

• moxie.get_conventions

  Moxie Docs

  Get the coding conventions Moxie inferred for the repository. Read-only; no side effects. Returns a Markdown list grouped by category (e.g. testing, structure, docs, review); each convention has a title, summary, confidence score, agent guidance, and the source file paths that evidence it. Use this for the general rules to follow; when you already know the files you're about to edit, prefer moxie.get_doc_impact for conventions scoped to those paths.

  Connector

• get_demo_guide

  eDiscovery Decoder News/Calc

  Return a short, human-readable walkthrough for testing this server: the endpoint, the tool/prompt/resource names, and ready-to-paste sample prompts. Use to give someone a guided demo. For the full machine-readable capability catalog, use list_capabilities instead.

  Connector

• asvs_chapters

  Owasp

  Table of contents for the OWASP ASVS 5.0 (Application Security Verification Standard): the 17 chapters (V1–V17) with names and requirement counts per assurance level. Use to discover which chapter to pull with asvs_requirements.

  Connector

• web_search_exa

  exa

  Search the web for any topic and get clean, ready-to-use content. Best for: Finding current information, news, facts, people, companies, or answering questions about any topic. Returns: Clean text content from top search results. Query tips: describe the ideal page, not keywords. "blog post comparing React and Vue performance" not "React vs Vue". Use category:people / category:company to search through Linkedin profiles / companies respectively. If highlights are insufficient, follow up with web_fetch_exa on the best URLs.

  Connector

• get_business

  Venturu

  Get full details for a single business (listing) by its slug. Call this when the user asks for more information about a specific business. Use the slug from search_businesses results.

  Connector

• get_broker

  mcp-server

  Get full details for a single broker (agent) by their profile slug. Call this when the user asks for more information about a specific broker. Use the slug from search_brokers results.

  Connector

• lookup_headers

  botoi-mcp

  Fetch HTTP response headers for a URL. Use when inspecting server configuration, security headers, or caching policies.

  Connector

• aidefense_get_framework_alignment

  website-search

  Get AI Defense Matrix cross-mappings to nine external frameworks: NIST IR 8596, CSA AI Controls Matrix, ISO 42001, Google SAIF, SANS Critical AI Security Guidelines, MITRE ATLAS, OWASP AI Exchange, OWASP LLM Top 10, OWASP Agentic Security Top 10. Each row maps an AI asset class to how that framework applies. Each returned framework also carries a 'concepts' array of the structured IDs (MITRE ATLAS techniques, OWASP risks, ISO clauses) the matrix references for it. Supports a 'buyer' archetype shortcut to scope to the frameworks a particular buyer will care about. Use to translate between framework vocabularies. This server never requests your program docs or product roadmap and instructs your AI to keep them local—the matrix, framework alignments, and playbooks flow to your AI for local analysis.

  Connector