GitHub-native CI, SARIF, Code Scanning, and security gates for MCP servers before agents depend on them.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
GitHub-native CI, SARIF, Code Scanning, and security gates for MCP servers before agents depend on them.