The official MCP server for Datadog Code Security went GA in March 2026. It covers SAST + secrets + SCA + IaC within the observability platform.
Datadog Code Security MCP
active
SAST + secrets + SCA + IaC scanning within Datadog's observability stack. Official MCP server GA March 2026. Best when you already have Datadog for monitoring and want unified security-in-observability.
Where it wins
Unified security-in-observability — SAST + secrets + SCA + IaC in one platform
Official MCP server, GA March 2026
Correlate security findings with runtime observability data
Where to be skeptical
Requires Datadog API key and subscription
Not useful without existing Datadog investment
Security features are secondary to Datadog's core observability platform
Editorial verdict
Best for Datadog-native shops. SAST + secrets + SCA + IaC within your existing observability stack. Don't add 4 separate tools if you already have Datadog. GA March 2026.
Related

CodeQL (via GitHub MCP Server)
88
GitHub-native SAST via CodeQL, accessible through the official GitHub MCP Server. Copilot Autofix generates fixes from CodeQL alerts. GitHub Security Lab Taskflow Agent found ~30 real CVEs. Zero extra setup for GitHub users.

TruffleHog
88
18K+ stars. 800+ secret types. Unique credential verification — confirms if leaked creds are still active. Scans S3, Docker, Slack — not just git. No official MCP but community integrations exist.
Gitleaks
88
24.4K stars — most-starred secret scanner. 150+ patterns. Fastest pre-commit scanner. The community default for pre-commit secret detection. No official MCP.

Tencent AI-Infra-Guard
81
Most comprehensive OSS AI red teaming tool. 3,264 stars. Full-stack: ClawScan, Agent Scan, Skills Scan, MCP scan, jailbreak eval. 43 AI framework components, 589 CVEs cataloged. v4.0 released.