Semgrep has community trust (641 stars, LinkedIn adoption, rising mindshare) and transparent AST-based rules. DryRun claims 88% detection (nearly 2× Semgrep's 46%), but that figure is self-reported. Semgrep is the safe bet; DryRun is the upside bet pending independent verification.
Security
Skills for SAST scanning, secret detection, agent/MCP security scanning, and offensive security. The category splits into four sub-themes: SAST/code scanning (Semgrep MCP #1), secret detection (GitGuardian MCP #1), agent/MCP security scanning (Snyk Agent Scan #1), and offensive security (HexStrike AI #1). Agent security scanning is the fastest-growing sub-theme — these tools scan your agents, skills, and MCP servers, not your application code.
10 ranked tools, 7 public signals
Current ranking
Semgrep MCP
Best for: OSS SAST scanning with official MCP integration — the default recommendation for code security in agent workflows
641 stars on semgrep/mcp. 46% vuln detection in the DryRun benchmark (vs SonarQube 19%). LinkedIn rebuilt its SAST pipeline around it (Feb 2026). Mindshare rising 1.6% → 2.6%. AST-based rules are transparent and auditable.

Snyk Agent Scan
Best for: Enterprise agent/MCP security scanning — scans your agents, skills, and MCP servers for prompt injection, tool poisoning, toxic flows
1,929 stars. Auto-discovers Claude, Cursor, Gemini CLI, Windsurf configs. Skill Inspector launched Feb 2026. Snyk+Vercel supply chain partnership. Enterprise trust.

GitGuardian MCP
Best for: Purpose-built secret scanning for agent workflows — 500+ detectors with hard merge gates
500+ detectors. Official MCP server. Hard merge gate for AI-generated code. State of Secrets Sprawl 2026 report: 81% surge in AI-service key leaks, 24,008 secrets in MCP configs.

Tencent AI-Infra-Guard
Best for: Most comprehensive OSS AI red teaming — full-stack scanning without commercial dependencies
3,264 stars (highest in agent security). Full-stack: ClawScan, Agent Scan, Skills Scan, MCP scan, jailbreak eval. 43 AI framework components, 589 CVEs cataloged. v4.0 released. Fully OSS.

DryRun
Best for: AI-native SAST with the highest reported detection rate — the dark horse if benchmarks are independently confirmed
88% vuln detection out of the box — nearly 2× Semgrep. Official MCP server. $8.7M raised. Natural language code policies.

HexStrike AI
Best for: Agent-assisted offensive security — authorized pentesting, CTF, and bug bounty automation
7,561 stars — largest security MCP repo. 150+ cybersecurity tools via MCP. Autonomous pentesting, vuln discovery, bug bounty automation.

CodeQL
Best for: GitHub-native shops — zero-config SAST + Copilot Autofix for end-to-end remediation
8K+ stars. Copilot Autofix generates fixes from CodeQL alerts. GitHub Security Lab Taskflow Agent found ~30 real CVEs. Zero extra setup via GitHub MCP Server.

Cisco MCP Scanner
Best for: Behavioral MCP analysis — detects semantic threats that pattern matching misses
852 stars. 3 scanning engines (YARA, LLM-as-judge, Cisco AI Defense). Behavioral code analysis. Enterprise-backed, open source.

TruffleHog
Best for: CI/CD credential verification — confirms which leaked secrets are still active and dangerous
18K+ stars. 800+ secret types. Unique credential verification. Scans S3, Docker, Slack — not just git.

Best for: Pre-commit secret detection — the lightweight OSS standard
24.4K stars — most-starred secret scanner. 150+ patterns. Fastest pre-commit scanner. Community default.
Head to head
Snyk has enterprise trust, auto-discovery of agent configs, Skill Inspector, and Vercel partnership. Tencent has more stars (3,264 vs 1,929), broader scanning (589 CVEs, jailbreak eval), and is fully OSS. Enterprise teams → Snyk. OSS-first / red teamers → Tencent.
GitGuardian has 500+ detectors, hard merge gates, and definitive industry research. GitHub has zero-config setup for GitHub MCP Server users (launched Mar 17). GitGuardian for comprehensive coverage. GitHub for zero-setup convenience. Both are additive — GitGuardian catches what GitHub misses.
Semgrep is platform-independent with 46% detection rate and official MCP. CodeQL is zero-config for GitHub users with Copilot Autofix. If you're GitHub-native, CodeQL + Autofix is hard to beat. Otherwise, Semgrep is more flexible.
HexStrike has 7,561 stars and 150+ tools — breadth leader. MCP for Security (569 stars) is more curated and organized for working pentesters. HexStrike for exploration, MCP for Security for focused pentesting.
Public signals
GitGuardian State of Secrets Sprawl 2026: Definitive annual report. 81% surge in AI-service key leaks. 24,008 secrets found in MCP configurations. Quantifies the problem agent security tools solve.
GitHub (Mar 17 launch): 28 new secret detectors + push protection on by default. Launched 3 days ago. Zero extra setup for GitHub MCP Server users. Strongest zero-config option.
Snyk Skill Inspector: Scans individual skills/tools for prompt injection, tool poisoning, toxic flows. Extends Snyk Agent Scan from agent-level to skill-level scanning.
LinkedIn adopts Semgrep (Feb 2026): Enterprise-scale validation. LinkedIn replaced its prior SAST tooling with Semgrep as the core scanning engine. Strongest enterprise adoption signal for Semgrep MCP.
Tencent AI-Infra-Guard v4.0: Most comprehensive OSS AI security scanner. 589 CVEs cataloged. Full-stack: ClawScan + Agent Scan + Skills Scan + MCP scan + jailbreak eval.
DryRun SAST benchmark: First cross-tool SAST benchmark for agent workflows. Self-reported by DryRun — awaiting independent confirmation. If confirmed, it reshuffles the SAST rankings.
SonarQube: Mindshare declining. Only community MCPs. Weaker vuln detection vs Semgrep (19% vs 46% in the DryRun benchmark). Still strong for code quality, not security leadership.
What changes this
DryRun publishes an independent, reproducible benchmark → If confirmed, DryRun moves to #1 SAST above Semgrep.
GitHub ships agent security scanning → 'Use the platform natively' answer gets much stronger for GitHub shops.
Semgrep or Snyk ships agent security scanning → consolidates SAST + agent security in one tool.
Tencent AI-Infra-Guard gets Western enterprise adoption → moves to #1 agent security above Snyk.
A major OpenClaw-style incident hits another ecosystem → accelerates agent security adoption, boosts Snyk Agent Scan + Cisco MCP Scanner.
SonarQube ships an official MCP server + improves detection → could reverse decline, but needs to close the gap.
TruffleHog ships an official MCP server → jumps to #3-4 for secret detection in agent workflows.