https://github.com/sammcj/mcp-snyk

MCP Server for Snyk Security Scanning

# Snyk MCP Server

A standalone Model Context Protocol server for Snyk security scanning functionality.

**WARNING: THIS MCP SERVER IS CURRENTLY IN ALPHA AND IS NOT YET FINISHED!**

## Configuration

Update your Claude Desktop config (`claude_desktop_config.json`):

```json
{
  "mcpServers": {
    "snyk": {
      "command": "npx",
      "args": [
        "-y",
        "github:sammcj/mcp-snyk"
      ],
      "env": {
        "SNYK_API_KEY": "your_snyk_token",
        "SNYK_ORG_ID": "your_default_org_id"
      }
    }
  }
}
```

Replace `your_snyk_token` with your actual Snyk API token. `SNYK_ORG_ID` is optional and sets a default organisation ID; JSON does not allow comments, so if you do not want a default, leave the key out rather than commenting it out. Two things to keep in mind:

- The token is stored in plain text in the desktop config and acts as your Snyk account against the Snyk API, so keep the file readable only by your user and rotate the token if the file is ever exposed.
- `github:sammcj/mcp-snyk` installs whatever is on the repository's default branch at the time `npx` fetches it. To run a known revision, append a tag or commit to the specifier (for example `github:sammcj/mcp-snyk#<commit>`, where `<commit>` is a placeholder for the revision you have reviewed).

The organisation ID can be supplied in three ways, which the server checks in this order:

1. Directly in the command (for example "in organisation org-id-here")
2. In the MCP settings via `SNYK_ORG_ID` (as shown above)
3. From the Snyk CLI configuration, set with `snyk config set org=your-org-id`

The first source that yields a value is used.

### Verifying Configuration

You can verify your Snyk token is configured correctly by asking Claude to run the verify_token command:

```
Verify my Snyk token configuration
```

This will check if your token is valid and show your Snyk user information. If you have the Snyk CLI installed and configured, it will also show your CLI-configured organization ID.

## Features

- Repository security scanning using GitHub/GitLab URLs
- Snyk project scanning
- Integration with Claude desktop
- Token verification
- Multiple organization ID configuration options
- Snyk CLI integration for organization ID lookup

## Usage

To scan a repository, you must provide its GitHub or GitLab URL:

```
Scan repository https://github.com/owner/repo for security vulnerabilities
```

IMPORTANT: The scan_repository command requires the actual repository URL (e.g., https://github.com/owner/repo). Do not use local file paths - always use the repository's URL on GitHub or GitLab.
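The URL rule above is worth enforcing in code rather than relying on the model to get it right. The following is an added example, not code from the mcp-snyk project: a hypothetical `parseRepositoryUrl` / `requireRepositoryUrl` pair that accepts only `https://github.com/owner/repo` and `https://gitlab.com/owner/repo` forms and rejects local paths, other hosts, credentials embedded in the URL and non-https schemes. The `RepoRef` shape and the strict two-segment path rule are this example's own choices.

```typescript
// Added example (not part of the mcp-snyk project): the URL check a
// scan_repository handler would want before contacting Snyk. Accepts only
// https URLs on github.com or gitlab.com of the form https://host/owner/repo
// and rejects local paths, other hosts, embedded credentials and other schemes.

interface RepoRef {
  host: "github.com" | "gitlab.com";
  owner: string;
  repo: string;
  url: string; // normalised: https, lower-case host, no .git suffix or trailing slash
}

const ALLOWED_REPO_HOSTS = new Set(["github.com", "gitlab.com"]);
const REPO_NAME = /^[A-Za-z0-9_.-]+$/;

function parseRepositoryUrl(input: string): RepoRef | null {
  let url: URL;
  try {
    url = new URL(input.trim());
  } catch {
    return null; // not a URL at all, e.g. a local path such as ./my-project
  }
  if (url.protocol !== "https:") return null; // rejects file:, http:, ssh: and friends
  if (url.username || url.password) return null; // no credentials in the URL
  const host = url.hostname.toLowerCase();
  if (!ALLOWED_REPO_HOSTS.has(host)) return null; // exact host match, no suffix tricks
  // Expect exactly /owner/repo. GitLab subgroups have more segments and are
  // deliberately rejected by this strict form.
  const segments = url.pathname.split("/").filter((s) => s.length > 0);
  if (segments.length !== 2) return null;
  const [owner, rawRepo] = segments;
  const repo = rawRepo.replace(/\.git$/, "");
  if (!REPO_NAME.test(owner) || !REPO_NAME.test(repo)) return null;
  if (owner.startsWith(".") || repo.startsWith(".")) return null; // no "." / ".." segments
  return {
    host: host as RepoRef["host"],
    owner,
    repo,
    url: `https://${host}/${owner}/${repo}`,
  };
}

// Throws with the message a user needs when the argument is not acceptable.
function requireRepositoryUrl(input: string): RepoRef {
  const ref = parseRepositoryUrl(input);
  if (ref === null) {
    throw new Error(
      `scan_repository needs a GitHub or GitLab repository URL such as ` +
        `https://github.com/owner/repo, not a local path; got: ${JSON.stringify(input)}`,
    );
  }
  return ref;
}
```

Returning `null` from the parser and throwing only in `requireRepositoryUrl` keeps the check testable and lets the tool return a clear error to the model instead of handing an arbitrary string to Snyk.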

For Snyk projects:

```
Scan Snyk project project-id-here
```

### Organization ID Configuration

The server will look for the organization ID in this order:

1. Command argument (if provided)
2. MCP settings environment variable (`SNYK_ORG_ID`)
3. Snyk CLI configuration (`snyk config get org`)

You only need to specify the organization ID in your command if you want to override the configured values:

```
Scan repository https://github.com/owner/repo in organisation org-id-here
```
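The lookup order above is simple to implement but easy to get subtly wrong (a blank `SNYK_ORG_ID`, or a missing CLI, should fall through rather than stop the search). The following is an added example, not the project's own code: a hypothetical `resolveOrgId` that applies the three sources in the documented order, treats empty and whitespace-only values as unset, and tolerates the Snyk CLI being absent. The CLI lookup is passed in as a function so the resolver can be exercised offline; `snykCliOrg` is the real lookup, running `snyk config get org`.

```typescript
import { execFileSync } from "node:child_process";

// Added example (not the project's own code): organisation ID resolution in the
// order the README describes. The CLI lookup is injected so the function can be
// exercised without the Snyk CLI installed; snykCliOrg() below is the real lookup.

type OrgSource = "argument" | "env" | "cli";

interface ResolvedOrg {
  id: string;
  source: OrgSource; // which of the three places the ID came from
}

// Treat missing, empty and whitespace-only values as "not configured".
function nonBlank(value: string | null | undefined): string | null {
  const v = value?.trim();
  return v ? v : null;
}

function resolveOrgId(
  argument: string | undefined,
  env: Record<string, string | undefined>,
  cliLookup: () => string | null = snykCliOrg,
): ResolvedOrg | null {
  const fromArgument = nonBlank(argument); // 1. explicit command argument
  if (fromArgument) return { id: fromArgument, source: "argument" };

  const fromEnv = nonBlank(env.SNYK_ORG_ID); // 2. MCP settings (env block)
  if (fromEnv) return { id: fromEnv, source: "env" };

  let fromCli: string | null = null; // 3. Snyk CLI configuration
  try {
    fromCli = nonBlank(cliLookup());
  } catch {
    // The CLI is not installed (ENOENT) or exited non-zero: treat as unset.
    fromCli = null;
  }
  if (fromCli) return { id: fromCli, source: "cli" };

  return null; // caller should report that no organisation ID is configured
}

// Real lookup: `snyk config get org` prints the configured org, or nothing.
function snykCliOrg(): string | null {
  const out = execFileSync("snyk", ["config", "get", "org"], {
    encoding: "utf8",
    stdio: ["ignore", "pipe", "ignore"],
  });
  return nonBlank(out);
}
```

Returning the `source` alongside the ID is deliberate: a verify-token style command can then tell the user which configuration actually won, which is the first thing to check when a scan lands in the wrong organisation.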

### Snyk CLI Integration

If you have the Snyk CLI installed (`npm install -g snyk`), the server can use it to:

- Get your default organisation ID
- Fall back to CLI configuration when MCP settings are not provided
- Show CLI configuration details in token verification output

This integration makes it easier to use the same organisation ID across both CLI and MCP server usage.