mcp-snyk-scanner
Facilitates application security assessments by interfacing with Snyk's vulnerability detection engine. Supports configuration parameters for Snyk access credentials and target organizational contexts.
Author

sammcj
Quick Info
Actions
Tags
Snyk Integration for Model Context Protocol (MCP)
This module functions as a dedicated MCP server instance, purpose-built to execute Snyk security analysis features.
ATTENTION: THIS ALPHA VERSION OF THE MCP SERVER IS INCOMPLETE AND UNDER ACTIVE DEVELOPMENT!
Setup & Configuration
Modify your Claude desktop configuration file (claude-config.json) as follows:
{ "mcpServers": { "snyk": { "command": "npx", "args": [ "-y", "github:sammcj/mcp-snyk" ], "env": { "SNYK_API_KEY": "your_snyk_access_token", "SNYK_ORG_ID": "your_default_organization_identifier" // Optional: Set a preferred default organization ID } } } }
Substitute the placeholder with your authentic Snyk authorization key. The organizational identifier can be established through several mechanisms:
- Via the MCP configuration using the
SNYK_ORG_IDenvironment variable (as illustrated above). - Through the Snyk Command Line Interface (CLI) using the command:
snyk config set org=your-org-id - Directly supplied within the execution command itself.
The server will sequentially attempt these resolution methods to ascertain a functional organization identifier.
Configuration Validation
To confirm your security credentials are correctly initialized, instruct Claude to execute the verify_token operation:
Execute token authentication check for Snyk
This action verifies token validity and retrieves associated Snyk user details. If the Snyk CLI is present and configured, it will additionally report the CLI-defined organization ID.
Core Capabilities
- Execution of security vulnerability scanning against remote repositories hosted on GitHub or GitLab.
- In-depth analysis of defined Snyk projects.
- Seamless interface with the Claude desktop environment.
- Credential validation procedures.
- Support for multiple overrides/definitions of the organization ID.
- Leveraging Snyk CLI settings for configuration fallback.
Operational Procedures
To initiate a scan on a repository, you must furnish its full remote URL (GitHub or GitLab):
Analyze repository https://github.com/owner/repo for security flaws
CRITICAL NOTE: The scan_repository function mandates the absolute repository locator (e.g., https://github.com/owner/repo). Local file system paths are strictly prohibited; utilize the public web address exclusively.
For scans targeting existing Snyk projects:
Assess Snyk project project-id-here
Organization Identifier Determination Logic
The server prioritizes the organization ID based on this sequence:
- Parameter provided directly in the request command (if present).
- Environment variable set within MCP configuration (
SNYK_ORG_ID). - Value retrieved from the Snyk CLI configuration (
snyk config get org).
You only need to explicitly state the organization ID in your instruction if you intend to supersede any pre-configured settings:
Analyze repository https://github.com/owner/repo using organisation org-id-here
Snyk CLI Interoperability
Should the Snyk CLI utility be installed (npm install -g snyk), the server can utilize it to:
- Fetch your established default organizational context.
- Serve as a secondary source for the organization ID when MCP environment variables are absent.
- Display current CLI configuration details during the token verification process.
This integration promotes consistency between the operational context of the Snyk CLI and the MCP server.
