Snyk MCP Server

by sammcj

A standalone Model Context Protocol server for Snyk security scanning functionality. It allows integration with Claude desktop for scanning repositories and Snyk projects for security vulnerabilities.

What is Snyk MCP Server?

The Snyk MCP Server is a standalone server that enables Snyk security scanning capabilities within the Model Context Protocol (MCP) framework. It facilitates the integration of Snyk's vulnerability scanning features with applications like Claude desktop.

How to use Snyk MCP Server?

To use the server, configure your Claude desktop config (claude-config.json) with the server details, including the command to run the server and environment variables for your Snyk API key and organization ID. You can then use natural language commands within Claude to trigger repository or project scans, providing the necessary URLs or project IDs.

Key features of Snyk MCP Server

  • Repository security scanning using GitHub/GitLab URLs

  • Snyk project scanning

  • Integration with Claude desktop

  • Token verification

  • Multiple organization ID configuration options

  • Snyk CLI integration for organization ID lookup

Use cases of Snyk MCP Server

  • Scanning GitHub repositories for security vulnerabilities directly from Claude

  • Scanning GitLab repositories for security vulnerabilities directly from Claude

  • Verifying Snyk API token configuration

  • Scanning Snyk projects by ID

  • Centralized security scanning workflow within Claude

FAQ from Snyk MCP Server

How do I configure the Snyk API token?

Set the SNYK_API_KEY environment variable in the MCP server configuration.

How do I specify the Snyk organization ID?

You can configure the organization ID via the SNYK_ORG_ID environment variable in the MCP settings, using the Snyk CLI (snyk config set org=your-org-id), or by providing it directly in commands.

What URL format should I use for repository scanning?

Use the actual GitHub or GitLab repository URL (e.g., https://github.com/owner/repo). Do not use local file paths.

How can I verify my Snyk token configuration?

Ask Claude to run the verify_token command.

What if I have the Snyk CLI installed?

The server can use the CLI to get your default organization ID and show CLI configuration details in the token verification output.