logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

mcp-snyk-scanner

Facilitates application security assessments by interfacing with Snyk's vulnerability detection engine. Supports configuration parameters for Snyk access credentials and target organizational contexts.

Author

mcp-snyk-scanner logo

sammcj

No License

Quick Info

GitHub GitHub Stars 15
NPM Weekly Downloads 0
Tools 1
Last Updated 2026-02-19

Tags

snykrepositoriesapissnyk securitysnyk apiscanning repositories

Snyk Integration for Model Context Protocol (MCP)

This module functions as a dedicated MCP server instance, purpose-built to execute Snyk security analysis features.

ATTENTION: THIS ALPHA VERSION OF THE MCP SERVER IS INCOMPLETE AND UNDER ACTIVE DEVELOPMENT!

Setup & Configuration

Modify your Claude desktop configuration file (claude-config.json) as follows:

{ "mcpServers": { "snyk": { "command": "npx", "args": [ "-y", "github:sammcj/mcp-snyk" ], "env": { "SNYK_API_KEY": "your_snyk_access_token", "SNYK_ORG_ID": "your_default_organization_identifier" // Optional: Set a preferred default organization ID } } } }

Substitute the placeholder with your authentic Snyk authorization key. The organizational identifier can be established through several mechanisms:

  1. Via the MCP configuration using the SNYK_ORG_ID environment variable (as illustrated above).
  2. Through the Snyk Command Line Interface (CLI) using the command: snyk config set org=your-org-id
  3. Directly supplied within the execution command itself.

The server will sequentially attempt these resolution methods to ascertain a functional organization identifier.

Configuration Validation

To confirm your security credentials are correctly initialized, instruct Claude to execute the verify_token operation:

Execute token authentication check for Snyk

This action verifies token validity and retrieves associated Snyk user details. If the Snyk CLI is present and configured, it will additionally report the CLI-defined organization ID.

Core Capabilities

  • Execution of security vulnerability scanning against remote repositories hosted on GitHub or GitLab.
  • In-depth analysis of defined Snyk projects.
  • Seamless interface with the Claude desktop environment.
  • Credential validation procedures.
  • Support for multiple overrides/definitions of the organization ID.
  • Leveraging Snyk CLI settings for configuration fallback.

Operational Procedures

To initiate a scan on a repository, you must furnish its full remote URL (GitHub or GitLab):

Analyze repository https://github.com/owner/repo for security flaws

CRITICAL NOTE: The scan_repository function mandates the absolute repository locator (e.g., https://github.com/owner/repo). Local file system paths are strictly prohibited; utilize the public web address exclusively.

For scans targeting existing Snyk projects:

Assess Snyk project project-id-here

Organization Identifier Determination Logic

The server prioritizes the organization ID based on this sequence:

  1. Parameter provided directly in the request command (if present).
  2. Environment variable set within MCP configuration (SNYK_ORG_ID).
  3. Value retrieved from the Snyk CLI configuration (snyk config get org).

You only need to explicitly state the organization ID in your instruction if you intend to supersede any pre-configured settings:

Analyze repository https://github.com/owner/repo using organisation org-id-here

Snyk CLI Interoperability

Should the Snyk CLI utility be installed (npm install -g snyk), the server can utilize it to:

  • Fetch your established default organizational context.
  • Serve as a secondary source for the organization ID when MCP environment variables are absent.
  • Display current CLI configuration details during the token verification process.

This integration promotes consistency between the operational context of the Snyk CLI and the MCP server.

See Also

`