Submit
sammcj

Snyk MCP Server

Community sammcj
Updated

MCP Server for Snyk Security Scanning

Snyk MCP Server

A standalone Model Context Protocol server for Snyk security scanning functionality.

WARNING: THIS MCP SERVER IS CURRENTLY IN ALPHA AND IS NOT YET FINISHED!

Configuration

Update your Claude desktop config (claude-config.json):

{
  "mcpServers": {
    "snyk": {
      "command": "npx",
      "args": [
        "-y",
        "github:sammcj/mcp-snyk"
      ],
      "env": {
        "SNYK_API_KEY": "your_snyk_token",
        "SNYK_ORG_ID": "your_default_org_id"  // Optional: Configure a default organisation ID
      }
    }
  }
}

Replace the token with your actual Snyk API token. The organisation ID can be configured in multiple ways:

  1. In the MCP settings via SNYK_ORG_ID (as shown above)
  2. Using the Snyk CLI: snyk config set org=your-org-id
  3. Providing it directly in commands

The server will try these methods in order until it finds a valid organisation ID.

Verifying Configuration

You can verify your Snyk token is configured correctly by asking Claude to run the verify_token command:

Verify my Snyk token configuration

This will check if your token is valid and show your Snyk user information. If you have the Snyk CLI installed and configured, it will also show your CLI-configured organization ID.

Features

  • Repository security scanning using GitHub/GitLab URLs
  • Snyk project scanning
  • Integration with Claude desktop
  • Token verification
  • Multiple organization ID configuration options
  • Snyk CLI integration for organization ID lookup

Usage

To scan a repository, you must provide its GitHub or GitLab URL:

Scan repository https://github.com/owner/repo for security vulnerabilities

IMPORTANT: The scan_repository command requires the actual repository URL (e.g., https://github.com/owner/repo). Do not use local file paths - always use the repository's URL on GitHub or GitLab.

For Snyk projects:

Scan Snyk project project-id-here

Organization ID Configuration

The server will look for the organization ID in this order:

  1. Command argument (if provided)
  2. MCP settings environment variable (SNYK_ORG_ID)
  3. Snyk CLI configuration (snyk config get org)

You only need to specify the organization ID in your command if you want to override the configured values:

Scan repository https://github.com/owner/repo in organisation org-id-here

Snyk CLI Integration

If you have the Snyk CLI installed (npm install -g snyk), the server can use it to:

  • Get your default organisation ID
  • Fall back to CLI configuration when MCP settings are not provided
  • Show CLI configuration details in token verification output

This integration makes it easier to use the same organisation ID across both CLI and MCP server usage.

MCP Server · Populars

MCP Server · New

    dsphper

    🎨 Lanhu MCP Server

    ⚡ 需求分析效率提升 200%!首个为 AI 编程时代设计的团队协作 MCP 服务器,自动分析需求自动编写前后端代码,下载切图

    Community dsphper
    trade-it-inc

    Trade It MCP Server

    Guide to connect to Trade It's MCP server and trade stocks and crypto

    Community trade-it-inc
    vectorize-io

    hindsight

    Hindsight: Agent Memory That Works Like Human Memory

    Community vectorize-io
    jerichosequitin

    Metabase MCP Server

    A high-performance Model Context Protocol server for AI integration with Metabase analytics platforms. Features response optimization, robust error handling, and comprehensive data access tools. Featured on Claude.

    Community jerichosequitin
    82ch

    MCP-Dandan - MCP Security Framework

    MCP Security Solution for Agentic AI — real-time proxying, behavior analysis, and malicious tool detection

    Community 82ch