Snyk MCP experimental
MCP (Model Context Protocol) is an open protocol that standardizes how applications share context with large language models.
MCP can support AI systems with the context needed to generate accurate and relevant responses for use cases where the AI systems do not have the context, by integrating the AI systems with tools and platforms that have specific capabilities. You can integrate Snyk MCP into certain AI-enabled security tools to provide Snyk security context.
Snyk MCP server
Snyk is introducing an MCP server as part of the Snyk CLI. This will allow MCP-enabled security tools to integrate Snyk security scanning capabilities directly, thus bridging the gap between security scanning and emerging AI-assisted workflows.
In environments or applications that use MCP, you can use the snyk mcp
CLI command to:
Invoke Snyk scans: Trigger CLI security scans for code, dependencies, or configurations in your codebase in your current MCP context.
Retrieve results: Obtain Snyk security findings directly in your MCP-enabled tool or environment.
To use the Snyk MCP server, download and install the Snyk CLI v1.1296.2 or later following the steps on the installation page. No other dependencies are needed. Snyk recommends always using the latest version of the CLI.
The snyk mcp
command is available in Early Access, under the --experimental
flag for the following reasons:
MCP is a new and evolving standard.
The
snyk mcp
command is an early implementation of integrating Snyk security scanning into the MCP-enabled environment.Snyk wants to gather feedback on the benefits of MCP as an integration pattern for Snyk security.
Because the snyk mcp
command is an experimental feature. The specific usage, parameters, and output related to this command may evolve as both MCP and this Snyk integration mature. Changes are possible before a general release.
Starting the Snyk MCP server
To start the Snyk MCP server, use the snyk mcp
command for a supported transport type, stdio
or sse
as follows:
snyk mcp -t sse --experimental
- Start the Snyk MCP server using sse
, HTTP Server-Sent Events Transport. The available endpoint is /sse
.
snyk mcp -t stdio --experimental
- Start the Snyk MCP server using stdio
, Stdio (Standard IO) Transport.
Snyk security tools that are available with MCP
The Snyk MCP server supports integrating the following Snyk security tools into an AI system:
snyk_sca_test
(Open Source scans)snyk_code_test
(Code scans)snyk_auth
(authentication)snyk_logout
(logout)snyk_auth_status
(authentication status check)snyk_version
(version information)
Environment variables for MCP
You can set CLI environment variables for the MCP server in the following ways:
In the MCP server configuration file, whether in your IDE or on the MCP host
Directly on your system
For a full list of supported CLI environment variables, see Environment variables for Snyk CLI.
Last updated
Was this helpful?