Snyk MCP Server

Securitystdiov1.1290.0

Official Snyk MCP server that brings developer security scanning into AI agent workflows. Lets agents scan code, open-source dependencies, containers, and infrastructure-as-code for vulnerabilities, retrieve fix advice, and check license issues directly from the editor or CI, using the Snyk CLI under the hood.

snyk security vulnerability-scanning sca sast dependencies

Connect

Add this configuration to .claude/mcp.json

{
  "mcpServers": {
    "snyk": {
      "command": "npx",
      "args": [
        "-y",
        "snyk",
        "mcp",
        "-t",
        "stdio"
      ],
      "env": {
        "SNYK_TOKEN": "<YOUR_SNYK_TOKEN>"
      }
    }
  }
}

Tools (3)

scan_code

Run static application security testing (SAST) on a code path.

{
  "type": "object",
  "required": [
    "path"
  ],
  "properties": {
    "path": {
      "type": "string",
      "description": "Path to the code directory to scan"
    }
  }
}

scan_dependencies

Scan open-source dependencies for known vulnerabilities and license issues.

{
  "type": "object",
  "required": [
    "path"
  ],
  "properties": {
    "path": {
      "type": "string",
      "description": "Path to the project manifest or directory"
    }
  }
}

scan_container

Scan a container image for OS and application vulnerabilities.

{
  "type": "object",
  "required": [
    "image"
  ],
  "properties": {
    "image": {
      "type": "string",
      "description": "Container image name and tag"
    }
  }
}

Resources

This server does not expose any resources.

Prompts

This server does not expose any prompts.

Server Information

Author: Snyk (@snyk)
Repository: https://github.com/snyk/cli
License: Apache-2.0
Version: 1.1290.0
Stars: 5,100
Last Updated: June 19, 2026