Claude Code guide

You can add the Snyk MCP server to Claude Code to secure code generated with agentic workflows through an LLM. This can be achieved in several ways. When you use it for the first time, the MCP server will ask for trust and trigger authentication if necessary.

Prerequisites

Install Claude Code

Install Claude Code. For more details, see the official Claude Code - Quickstart.

Install the Snyk MCP Server in Claude Code

Install the Snyk MCP Server using the method that best suits your operating system and local development environment. To add a MCP Server in Claude Code, see the official document for installing MCP servers.

Install with Node.js and npx

Create or edit the MCP configuration file ~/.claude.json.

If you have the Node.js npx executable installed in your environment, add the following JSON snippet to the file:

{
  "servers": {
    "Snyk": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "snyk@latest", "mcp", "-t", "stdio"],
      "env": {}
    }
  }
}

Install with pre-installed Snyk CLI

Create or edit the MCP configuration file ~/.claude.json .

If you have the Snyk CLI installed and accessible on your system path, include the following JSON snippet in the file. You might need to specify the full path to the Snyk executable CLI:

{
  "servers": {
    "Snyk": {
      "type": "stdio",
      "command": "/absolute/path/to/snyk",
      "args": ["mcp", "-t", "stdio"],
      "env": {}
    }
  }
}

If the snyk command is not available, add it by following the instructions on the Installing or updating the Snyk CLI page.

The following examples shows a Snyk MCP Server that was successfully configured and started.

For additional MCP configuration options on Claude Code and troubleshooting, consult the official Claude Code MCP documentation.

Setting up the Snyk MCP Server

As a one-time setup, you may need to authenticate and trust the current Project directory.

Examples

Scanning for security vulnerabilities

In the chat, you can tag specific files or functions and ask Claude Code to scan your code for safely deploying to production:

prompt
Scan this directory for code security & dependency vulnerabilities and security issues

Claude Code indicates that this request is related to security vulnerability scanning and calls the Snyk MCP Server for various scans.

Claude Code is then able to gather all the security scanning results, both code (SAST) and dependencies (SCA), and based on recommendations and contextual information provided by the Snyk MCP Server, it is now able to provide code changes that address some or all of the security vulnerabilities that were found:

"Secure at inception" rules

To practice Secure at Inception, Snyk recommends adopting rules that align the LLM for secure code generation and workflows.

The following is a suggested instruction for creating project rules for use with Claude Code md files:

Claude Code rules
Always run Snyk Code scanning tool for new first party code generated.
Always run Snyk SCA scanning tool for new dependencies or dependency updates.
If any security issues are found based on newly introduced or modified code or dependencies, attempt to fix the issues using the results context from Snyk.
Rescan the code after fixing the issues to ensure that the issues were fixed and that there are no newly introduced issues.
Repeat this process until no issues are found.

Append the following contents to the rules file at CLAUDE.md:

CLAUDE.md
- Always run Snyk Code scanning tool for new first party code generated.
- Always run Snyk SCA scanning tool for new dependencies or dependency updates.
- If any security issues are found based on newly introduced or modified code or dependencies, attempt to fix the issues using the results context from Snyk.
- Rescan the code after fixing the issues to ensure that the issues were fixed and that there are no newly introduced issues.
- Repeat this process until no issues are found.

Last updated

Was this helpful?