AUTOMATIONSWITCH
// MCP Server Category

SECURITY MCP SERVERS

Security servers let models interact with security systems through the MCP protocol. Each entry carries an editorial score, security notes, and per-client connection configs.

Servers: 3
Avg editorial score: 3.8 / 5
Official servers: 0
Added this quarter: 3
Last re-verified: APR 30, 2026

THE THREE TO BEAT

01 Top of category
Vendor · Security

Infisical MCP

Infisical

Official Infisical MCP for secrets management. The most actively maintained official server in this batch's security category (8 commits in the last 30 days). 10 tools cover the full secret lifecycle plus project, environment, folder, and member management. Two releases shipped, the latest two weeks ago. Apache-2.0, npm-distributed. Two authentication methods: machine identity universal-auth (recommended for production) and access-token (for personal or single-machine workflows). Self-hosted Infisical instances are supported via `INFISICAL_HOST_URL`. Free Infisical tier available for evaluation.

10 Tools · 45 Stars
02 Runner up
Vendor

Trivy MCP

Aqua Security

Official Aqua Security plugin that turns Trivy scanning capabilities into an MCP server. Distributed as a Trivy plugin (`trivy plugin install mcp`), so installation is one command for teams already running Trivy. 21 releases shipped over the project's first year. Star count and recent commit cadence are low; treat it as a stable vendor surface with a mature feature set and low-cadence maintenance. Optional integration with Aqua Platform provides assurance policy compliance for paid Aqua customers. Trivy is the de facto open-source vulnerability scanner for containers, IaC, and SBOM generation. The MCP plugin lets agents ask security questions in natural language (filesystem scans, container image scans, remote repository analysis). Three transport modes: stdio, streamable HTTP, and SSE. Integrates with VS Code, Cursor, JetBrains IDEs, and Claude Desktop.

03 Third place
Vendor

Okta MCP Server

Okta

Official Okta IAM MCP. Pushed yesterday with zero tagged releases yet, which is the central caveat: this server ships from `main`, and operators who want version pinning have to pin to a commit. Apache-2.0, Python, 31 stars. The technical surface is the most polished in this batch's security category: full CRUD on users, groups, applications, and policies; two authentication methods (Device Authorization Grant for interactive use, Private Key JWT for server-to-server); and integration with the MCP Elicitation API for confirming destructive operations through the client. The official path for agent-driven Okta administration. Built on the Okta Python SDK. Distinctive feature: destructive operations (deletes, deactivations) prompt the user for confirmation through the MCP Elicitation API before proceeding, with automatic fallback for clients that omit Elicitation support. A Docker-first installation path is documented; a uv-based path is also available.
