Tools and solutions for securing MCP applications
Feature | MCP-Scan | MCPScan.ai | Semgrep MCP | Invariant Guardrails |
---|---|---|---|---|
Provider | Invariant Labs | mcpscan.ai | Semgrep | Invariant Labs |
Primary Focus | CLI-based MCP server security scanning | Web-based MCP vulnerability scanning | Code vulnerability scanning | LLM interaction security |
Installation/Access | uvx mcp-scan@latest | Web service | uvx semgrep-mcp | API integration |
Detects Prompt Injection | ✅ | ✅ | ❌ | ✅ |
Detects Tool Poisoning | ✅ | ✅ | ❌ | ✅ |
Code Vulnerability Scanning | ❌ | ✅ | ✅ | ❌ |
Tool Description Inspection | ✅ | ✅ | ❌ | ❌ |
Cross-Origin Protection | ✅ | ✅ | ❌ | ✅ |
Continuous Monitoring | ❌ | ✅ (Enterprise) | ❌ | ✅ |
Knowledge Base | ❌ | ✅ | ❌ | ❌ |
License | Apache-2.0 | Commercial | MIT | Commercial |