# Factory Terminal/IDE guide

Access Snyk Studio, including Snyk's MCP server, in Factory Terminal/IDE to secure code generated with agentic workflows through an LLM. You can achieve this by installing Snyk Studio directly.

### Install Factory Terminal/IDE

Install Factory Droid to your local machine from the [Factory website](https://docs.factory.ai/cli/getting-started/quickstart).

### Install Snyk Studio

Add the Snyk entry to `~/.factory/mcp.json`. For details on the file format, see the official [Factory documentation](https://docs.factory.ai/cli/configuration/mcp#configuration).

```
{
  "mcpServers": {
    "Snyk": {
      "command": "npx",
      "args": ["-y", "snyk@latest", "mcp", "-t", "stdio"],
      "env": {}
    }
  }
}
```
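If `~/.factory/mcp.json` already lists other MCP servers, the Snyk entry has to be merged into the existing `mcpServers` object rather than pasted over the file. The following script is an added example, not code from Snyk or Factory: it inserts or refreshes the `Snyk` entry exactly as shown above (the `version` parameter defaults to `latest`, matching the page, and is only there so a team that pins releases can pass one), leaves every other server untouched, and then runs two checks a practitioner would want before trusting the file: that the server is launched over `stdio` rather than a network transport, and that the plain-text `env` block does not carry anything that looks like a token.

```python
"""Idempotently merge the Snyk MCP server entry into a Factory mcp.json.

Added example (not from the Snyk or Factory docs). Assumes the layout shown
on this page: a top-level "mcpServers" object keyed by server name.
"""
import json
import os
from pathlib import Path


def snyk_entry(version="latest"):
    """The entry as the page gives it; only the npm version tag is a parameter."""
    return {
        "command": "npx",
        "args": ["-y", f"snyk@{version}", "mcp", "-t", "stdio"],
        "env": {},
    }


def merge_snyk_entry(existing_text, version="latest"):
    """Return (config_dict, changed) after inserting or refreshing the Snyk entry.

    existing_text is the current file content ("" if the file does not exist).
    Other servers under "mcpServers" are preserved as-is.
    """
    config = json.loads(existing_text) if existing_text.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("mcp.json top level must be a JSON object")
    servers = config.setdefault("mcpServers", {})
    if not isinstance(servers, dict):
        raise ValueError('"mcpServers" must be a JSON object keyed by server name')
    desired = snyk_entry(version)
    changed = servers.get("Snyk") != desired
    servers["Snyk"] = desired
    return config, changed


def check_snyk_entry(config):
    """Return a list of problems (empty when the entry looks sound).

    Checks: the Snyk server must be launched over stdio, and the env block,
    which sits in a plain-text file, must not hold anything token-like.
    """
    problems = []
    entry = config.get("mcpServers", {}).get("Snyk")
    if entry is None:
        return ["no Snyk entry under mcpServers"]
    args = entry.get("args", [])
    transport = None
    if "-t" in args and args.index("-t") + 1 < len(args):
        transport = args[args.index("-t") + 1]
    if transport != "stdio":
        problems.append("Snyk MCP transport is not stdio")
    for key in entry.get("env", {}):
        if "TOKEN" in key.upper() or "SECRET" in key.upper():
            problems.append(f"env key {key} looks like a secret stored in plain text")
    return problems


def write_config(path, version="latest"):
    """Merge the entry into the file at path; return True if the file was rewritten."""
    path = Path(path)
    text = path.read_text() if path.exists() else ""
    config, changed = merge_snyk_entry(text, version)
    if changed:
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(json.dumps(config, indent=2) + "\n")
    return changed


if __name__ == "__main__":
    target = Path(os.path.expanduser("~/.factory/mcp.json"))
    status = "updated" if write_config(target) else "already up to date"
    print(status, target)
    for problem in check_snyk_entry(json.loads(target.read_text())):
        print("warning:", problem)
```

Running the script a second time reports "already up to date" and changes nothing, so it is safe to keep in a dotfiles bootstrap. Because `npx -y snyk@latest` resolves the package from npm on every launch, teams that want a reproducible toolchain can pass a pinned version to `write_config`; the page's own configuration uses `latest`.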


### Authenticate

{% hint style="warning" %}
If you are enabling Snyk Code for the first time, you must import existing Projects in order to properly scan them.
{% endhint %}

As a one-time setup, authenticate and trust the Project directory. If required, the agentic workflow will likely manage this automatically.

If you are a new user, select the preferred sign-up method and agree to the terms on the next screen. After authentication, return to your Terminal/IDE.

{% hint style="info" %}
To use Snyk Studio, specifically the SAST scanning capabilities, you must enable [Snyk Code](https://docs.snyk.io/scan-with-snyk/snyk-code).

Snyk Code analyzes your code for vulnerabilities, temporarily clones the repository, and uploads your code. Cloned or uploaded code is cached according to the Snyk [data retention policy](https://docs.snyk.io/snyk-data-and-governance/how-snyk-handles-your-data).

With the Snyk Free Plan, Snyk Code offers unlimited scans for Open Source Projects, and limited tests for first-party code. To learn more about our available plans, visit [Plans and Pricing](https://snyk.io/plans/).
{% endhint %}

For existing users, select the login method associated with your account. If you do not already have access to Snyk Code, your LLM prompts you to enable it prior to your first scan. You can also enable it directly in the Snyk settings. To learn more, visit [Enable Snyk Code](https://docs.snyk.io/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools#enable-snyk-code).

### Run Snyk Studio

Once authenticated, Snyk Studio is triggered whenever new code is generated by the LLM. If Snyk Studio is not enabled, restart your Terminal or IDE and try generating code again.

{% hint style="info" %}
Free users are limited to a set number of scans. If you reach the allotment, Snyk recommends contacting the Snyk sales team for additional thresholds.
{% endhint %}

## Setting up the Snyk MCP Server

As a one-time setup, you must trust the current Project directory. If required, the agentic workflow manages this automatically.

These workflows are automatically executed by the underlying model and the agentic code assistant, and you will need to approve them in the Droid product.

## Examples

### Scanning for security vulnerabilities

In the chat, you can tag specific files or functions and ask Factory to scan your code, in order to safely deploy it to production:

{% code title="prompt" overflow="wrap" %}

```
Scan this directory for code security & dependency vulnerabilities and security issues
```

{% endcode %}

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2Fgit-blob-5b5d8bde633c3ebe707d2ec94f8b5b4601cc4bd4%2Fimage.png?alt=media" alt=""><figcaption><p>Droid prompt to scan code for SAST and SCA issues</p></figcaption></figure>

Factory indicates that this request is related to security vulnerability scanning and calls the Snyk MCP Server for various scans.

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2Fgit-blob-57d142283902dc88b9d95c55d66713ec48ed4b6d%2Fimage.png?alt=media" alt=""><figcaption><p>Factory call to Snyk MCP Server</p></figcaption></figure>

Factory then gathers all the security scanning results, both code (SAST) and dependencies (SCA). Using the recommendations and contextual information returned by the Snyk MCP Server, it can propose code changes that address some or all of the vulnerabilities found.

### "Secure at inception" rules

To practice [Secure at Inception](https://docs.snyk.io/discover-snyk/getting-started/glossary#secure-at-inception), Snyk recommends adopting rules that align the LLM for secure code generation and workflows.

The following is a suggested instruction for [Factory AGENTS.md](https://docs.factory.ai/cli/configuration/agents-md). Append these contents to the rules file at `AGENTS.md`:

{% code title="AGENTS.md" overflow="wrap" %}

```
---
alwaysApply: true
always_on: true
trigger: always_on
applyTo: "**"
description: Snyk Security At Inception
---

# Project security best practices

- Always run **snyk_code_scan** tool for new first party code that is generated in a Snyk-supported language.
- If any security issues are found based on newly introduced or modified code or dependencies, attempt to fix the issues using the results context from **Snyk**.
- Rescan the code after fixing the issues to ensure that the issues were fixed and that there are no newly introduced issues.
- Repeat this process until no new issues are found.
```

{% endcode %}
