https://github.com/snyk/agentic-integration-wrappers
Provides wrappers to integrate with agentic workflows
https://github.com/snyk/agentic-integration-wrappers
agentic dxt gca gemini integration mcp snyk wrapper
Last synced: 4 months ago
JSON representation
Provides wrappers to integrate with agentic workflows
- Host: GitHub
- URL: https://github.com/snyk/agentic-integration-wrappers
- Owner: snyk
- License: apache-2.0
- Created: 2025-07-24T07:31:08.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2026-02-23T18:10:34.000Z (4 months ago)
- Last Synced: 2026-02-24T01:28:53.362Z (4 months ago)
- Topics: agentic, dxt, gca, gemini, integration, mcp, snyk, wrapper
- Language: Shell
- Homepage: https://snyk.io
- Size: 135 KB
- Stars: 7
- Watchers: 0
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
Awesome Lists containing this project
README
# Snyk Agentic Integration Wrappers
This repository provides integration wrappers that enable AI coding assistants to leverage Snyk's security platform capabilities through the Model Context Protocol (MCP).
## Overview
The wrappers in this repository allow agentic AI systems (AI coding assistants) to perform security scanning on code, dependencies, infrastructure, and containers using Snyk's comprehensive security platform. This enables AI assistants to proactively identify and fix security vulnerabilities during code generation and review.
## Supported Integrations
### Claude Desktop Extension (MCPB)
- **File**: `manifest.json`
- **Purpose**: Packages Snyk as a Claude Desktop Extension (MCP Bundle)
- **Build Script**: `build-mcpb.sh` - Creates a `.mcpb` file for distribution
- **Capabilities**: Full Snyk security scanning suite via MCP
### Google Gemini Extension
- **File**: `gemini-extension.json`
- **Purpose**: Enables Snyk security scanning in Google Gemini Code Assist
- **Configuration**: Custom context file support and selective tool exposure
### Anthropic MCP Marketplace
- **File**: `server.json`
- **Purpose**: Standard MCP server configuration for any MCP-compatible AI assistant
- **Registry**: Published to the [Model Context Protocol Registry](https://modelcontextprotocol.io) (domain: `snyk.io`)
- **Distribution**: Automated via GitHub Actions workflow on each Snyk CLI release
## Security Capabilities
Through these integrations, AI assistants gain access to:
- **SAST (Static Application Security Testing)**: Code vulnerability scanning
- **SCA (Software Composition Analysis)**: Open source dependency vulnerability detection
- **IaC (Infrastructure as Code)**: Security misconfiguration detection in cloud infrastructure
- **Container Security**: Container image vulnerability scanning
- **AI-specific features**: SBOM generation and testing, AI Bill of Materials (AIBOM)
## How It Works
All integrations use the Snyk CLI's MCP server capability (`snyk mcp -t stdio`), which exposes Snyk's security tools through the Model Context Protocol. The AI assistant can invoke Snyk scans during code generation, review, and security analysis workflows.
## Release Process
The repository uses an automated GitHub Actions workflow (`build-and-release.yml`) that:
1. Triggers on Snyk CLI releases (via `repository_dispatch` or manual `workflow_dispatch`)
2. Builds the Claude Desktop Extension (`.mcpb` file) using `build-mcpb.sh`
3. Creates a GitHub release with the built artifacts and SHA256 checksums
4. Publishes the updated MCP server configuration to the Anthropic MCP Registry
**This repository is closed to public contributions.**