mcp snyk
MCP Server for Snyk Security Scanning
Repository Info
About This Server
MCP Server for Snyk Security Scanning
Model Context Protocol (MCP) - This server can be integrated with AI applications to provide additional context and capabilities, enabling enhanced AI interactions and functionality.
Documentation
Snyk MCP Server
A standalone Model Context Protocol server for Snyk security scanning functionality.
WARNING: THIS MCP SERVER IS CURRENTLY IN ALPHA AND IS NOT YET FINISHED!
Configuration
Update your Claude desktop config (claude-config.json):
{
"mcpServers": {
"snyk": {
"command": "npx",
"args": [
"-y",
"github:sammcj/mcp-snyk"
],
"env": {
"SNYK_API_KEY": "your_snyk_token",
"SNYK_ORG_ID": "your_default_org_id" // Optional: Configure a default organisation ID
}
}
}
}
Replace the token with your actual Snyk API token. The organisation ID can be configured in multiple ways:
- In the MCP settings via
SNYK_ORG_ID(as shown above) - Using the Snyk CLI:
snyk config set org=your-org-id - Providing it directly in commands
The server will try these methods in order until it finds a valid organisation ID.
Verifying Configuration
You can verify your Snyk token is configured correctly by asking Claude to run the verify_token command:
Verify my Snyk token configuration
This will check if your token is valid and show your Snyk user information. If you have the Snyk CLI installed and configured, it will also show your CLI-configured organization ID.
Features
- Repository security scanning using GitHub/GitLab URLs
- Snyk project scanning
- Integration with Claude desktop
- Token verification
- Multiple organization ID configuration options
- Snyk CLI integration for organization ID lookup
Usage
To scan a repository, you must provide its GitHub or GitLab URL:
Scan repository https://github.com/owner/repo for security vulnerabilities
IMPORTANT: The scan_repository command requires the actual repository URL (e.g., https://github.com/owner/repo). Do not use local file paths - always use the repository's URL on GitHub or GitLab.
For Snyk projects:
Scan Snyk project project-id-here
Organization ID Configuration
The server will look for the organization ID in this order:
- Command argument (if provided)
- MCP settings environment variable (
SNYK_ORG_ID) - Snyk CLI configuration (
snyk config get org)
You only need to specify the organization ID in your command if you want to override the configured values:
Scan repository https://github.com/owner/repo in organisation org-id-here
Snyk CLI Integration
If you have the Snyk CLI installed (npm install -g snyk), the server can use it to:
- Get your default organisation ID
- Fall back to CLI configuration when MCP settings are not provided
- Show CLI configuration details in token verification output
This integration makes it easier to use the same organisation ID across both CLI and MCP server usage.
Quick Start
Clone the repository
git clone https://github.com/sammcj/mcp-snykInstall dependencies
cd mcp-snyk
npm installFollow the documentation
Check the repository's README.md file for specific installation and usage instructions.
Repository Details
Recommended MCP Servers
Discord MCP
Enable AI assistants to seamlessly interact with Discord servers, channels, and messages.
Knit MCP
Connect AI agents to 200+ SaaS applications and automate workflows.
Apify MCP Server
Deploy and interact with Apify actors for web scraping and data extraction.
BrowserStack MCP
BrowserStack MCP Server for automated testing across multiple browsers.
Zapier MCP
A Zapier server that provides automation capabilities for various apps.