GitHub MCP Server: Secret Scanning GA and Dependency Scanning Public Preview

GitHub


GitHub shipped two MCP Server security features on May 5: secret scanning reached GA (respecting existing push protection customization), and dependency scanning entered public preview, enabling agents to scan code changes for vulnerable dependencies using the GitHub Advisory Database and Dependabot CLI. Both require GitHub Advanced Security or GitHub Secret Protection.

Why it matters

Bringing secret and dependency scanning into the MCP tool surface means AI coding agents can enforce security policies before code lands in PRs, shifting left from post-commit CI to within the agent workflow.

Importance: 3/5

Two complementary security features shift vulnerability detection into the agent workflow, addressing a key enterprise compliance concern.
