Add secure scanning of MCP Servers using mcp-scanner during publishing and refresh

[asamba-cisco]

Description

Currently, the MCP Gateway Registry allows publishing and refreshing of MCP server metadata without automated security validation.
To strengthen the security posture of the registry and ensure that only compliant, trusted servers are listed, we propose integrating cisco-ai-defense/mcp-scanner into the publishing and refresh workflows.

Proposed Enhancement

Integrate a security scanning step that automatically invokes mcp-scanner whenever:
1. A new MCP server is published to the registry.
2. An existing MCP server is refreshed (metadata or endpoints updated).

If the scan identifies high-severity vulnerabilities or misconfigurations, the registry should:
• Block publication/refresh until the issues are resolved, or
• Flag the server as “security-pending” with scan results stored for review.

Benefits

•	Improves trust and safety of MCP server listings in the community registry.
•	Helps MCP server maintainers proactively identify and fix security issues.
•	Aligns with best practices for secure model and tool discovery in the Agentic ecosystem.

References

cisco ai mcp-scanner

[aarora79]

Fixed via #184, see https://github.com/agentic-community/mcp-gateway-registry/blob/main/docs/security-scanner.md.