Getting started with Snyk Studio
Snyk Studio supports a default hooks-based approach for some agentic development environments (ADEs) to ensure code written by AI coding assistants is secure at inception (SAI):
Claude Code
Cursor
Codex CLI
Gemini CLI
If you use one of these ADEs, use the Snyk Studio installer script to install Snyk Studio.
If your ADE does not support a hooks-based approach to SAI, use a rules-based approach. Install Snyk Studio by configuring the Snyk MCP Server with your ADE.
Install Snyk Studio for ADEs with hooks support
If your ADE supports hooks, complete the following steps to install Snyk Studio using an installer script.
Prerequisites
Python 3.8+
Snyk CLI
Clone the studio-recipes repository
Clone the studio-recipes repository locally.
Build the Snyk Studio installer
Run the following command to build the Snyk Studio installer script:
Run the installer script
For macOS and Linux:
For Windows:
For advanced options and additional information, visit the studio-recipes repository.
Install Snyk Studio for ADEs without hooks support
The Snyk MCP Server is designed as a local MCP server, running on your system using the Snyk CLI to ensure local file access.
Snyk does not offer a hosted remote MCP server.
If your ADE does not support the default hooks-based approach, install Snyk Studio by configuring the Snyk MCP server in your target ADE.
Prerequisites
Snyk recommends that you have:
npxNode.jsinstalled on your machine
If these are not available, you can manually add the Snyk CLI to the MCP server configuration. For instructions, see your coding assistant's official documentation.
Configure the Snyk MCP server
Navigate to the MCP server configuration for the coding assistant. This often involves modifying a file called mcp.json or similar. Use the following snippet to configure the Snyk MCP server:
To validate the MCP server configuration, prompt your coding agent with natural language, for example, "scan my directory for security issues".
Configure the Snyk MCP profile
Snyk supports the following tool profiles that let you control which tools are available to your AI agent. Profiles help you balance token cost and capability based on your needs.
Lite
The minimum set of essential security scanning tools. Ideal for keeping token use and context size low.
Full (default)
All stable tools. Provides comprehensive security coverage across code, dependencies, containers, IaC, and SBOMs.
Experimental
Everything in the full profile, plus new tools under evaluation. These may change or be promoted to full in future releases.
These tools are available for the following profile types:
snyk_auth
snyk_code_scan
snyk_sca_scan
snyk_version
snyk_logout
snyk_trust
snyk_send_feedback
snyk_container_scan
snyk_iac_scan
snyk_sbom_scan
snyk_aibom
snyk_package_health_check
To set a profile, use either the --profile CLI flag or the SNYK_MCP_PROFILE environment variable CLI flag:
If a profile is not specified in setup, the profile defaults to full.
Configure Secure at inception directives
The Secure at inception directives are used to guide agents to test for security issues at the time of code generation. To learn how to configure these directives with code examples, visit Secure at inception directives.
Configure Remediation directives
Remediation directives are commands that can be used to accelerate the remediation of pre-existing security issues. To learn how to configure these directives with code examples, visit Remediation directives.
Snyk maintains quickstart guides for some of the more common coding assistants. For detailed configuration steps of a specific coding assistant, visit Quickstart guides.
Last updated
Was this helpful?