Submit
sammcj

Snyk MCP Server

Community sammcj
Updated

MCP Server for Snyk Security Scanning

Snyk MCP Server

A standalone Model Context Protocol server for Snyk security scanning functionality.

WARNING: THIS MCP SERVER IS CURRENTLY IN ALPHA AND IS NOT YET FINISHED!

Configuration

Update your Claude desktop config (claude-config.json):

{
  "mcpServers": {
    "snyk": {
      "command": "npx",
      "args": [
        "-y",
        "github:sammcj/mcp-snyk"
      ],
      "env": {
        "SNYK_API_KEY": "your_snyk_token",
        "SNYK_ORG_ID": "your_default_org_id"  // Optional: Configure a default organisation ID
      }
    }
  }
}

Replace the token with your actual Snyk API token. The organisation ID can be configured in multiple ways:

  1. In the MCP settings via SNYK_ORG_ID (as shown above)
  2. Using the Snyk CLI: snyk config set org=your-org-id
  3. Providing it directly in commands

The server will try these methods in order until it finds a valid organisation ID.

Verifying Configuration

You can verify your Snyk token is configured correctly by asking Claude to run the verify_token command:

Verify my Snyk token configuration

This will check if your token is valid and show your Snyk user information. If you have the Snyk CLI installed and configured, it will also show your CLI-configured organization ID.

Features

  • Repository security scanning using GitHub/GitLab URLs
  • Snyk project scanning
  • Integration with Claude desktop
  • Token verification
  • Multiple organization ID configuration options
  • Snyk CLI integration for organization ID lookup

Usage

To scan a repository, you must provide its GitHub or GitLab URL:

Scan repository https://github.com/owner/repo for security vulnerabilities

IMPORTANT: The scan_repository command requires the actual repository URL (e.g., https://github.com/owner/repo). Do not use local file paths - always use the repository's URL on GitHub or GitLab.

For Snyk projects:

Scan Snyk project project-id-here

Organization ID Configuration

The server will look for the organization ID in this order:

  1. Command argument (if provided)
  2. MCP settings environment variable (SNYK_ORG_ID)
  3. Snyk CLI configuration (snyk config get org)

You only need to specify the organization ID in your command if you want to override the configured values:

Scan repository https://github.com/owner/repo in organisation org-id-here

Snyk CLI Integration

If you have the Snyk CLI installed (npm install -g snyk), the server can use it to:

  • Get your default organisation ID
  • Fall back to CLI configuration when MCP settings are not provided
  • Show CLI configuration details in token verification output

This integration makes it easier to use the same organisation ID across both CLI and MCP server usage.

MCP Server · Populars

MCP Server · New

    chatmcp

    mcpso

    directory for Awesome MCP Servers

    Community chatmcp
    TBXark

    MCP Proxy Server

    An MCP proxy server that aggregates and serves multiple MCP resource servers through a single HTTP server.

    Community TBXark
    ttommyth

    interactive-mcp

    Ask users questions from your LLM! interactive-mcp: Local, cross-platform MCP server for interactive prompts, chat & notifications.

    Community ttommyth
    lpigeon

    ros-mcp-server

    The ROS MCP Server is designed to support robots in performing complex tasks and adapting effectively to various environments by providing a set of functions that transform natural language commands, entered by a user through an LLM, into ROS commands for robot control.

    Community lpigeon
    emicklei

    melrose-mcp

    interactive programming of melodies, producing MIDI

    Community emicklei