If you're building Go payment services and need to ship PCI DSS-compliant code, this server runs static analysis against your codebase and maps every violation to a specific PCI DSS v4.0.1 requirement ID. It traces taint flow from HTTP input through major frameworks like gin and chi into log sinks, catches weak crypto and hardcoded keys, flags missing audit logs on payment flows, and scans dependencies for CVEs using the OSV database without leaking module names. The triage_findings tool runs all 12 scanners plus AI classification in one call. It covers about 6% of PCI DSS requirements: the ones you can catch statically before a QSA audit. It is not a replacement for Semgrep or CodeQL, but it is purpose-built for payment code.
claude mcp add --transport stdio shyshlakov-pci-dss-mcp uvx pci-dss-mcp