Security vulnerability scanning
## Snyk MCP Server: Developer-First Security Platform

The **Snyk MCP Server** integrates developer security into Google Antigravity, enabling continuous scanning of code, dependencies, containers, and infrastructure as code for vulnerabilities, with automated fix suggestions.

### Why Snyk MCP?

- **Dependency scanning** - Find known vulnerabilities in open source libraries
- **Code analysis** - Static analysis (SAST) for security issues in your own code
- **Container security** - Scan Docker images for vulnerable OS packages and application dependencies
- **IaC security** - Check Terraform, CloudFormation, and Kubernetes manifests for misconfigurations
- **Fix automation** - Get automated remediation pull requests

### Key Features

#### 1. Dependency Scanning

```python
# Scan project dependencies.
# `mcp` is the MCP client handle the agent runtime provides; the calls are
# asynchronous, so they run inside a coroutine.
async def scan_dependencies(mcp):
    scan = await mcp.call("snyk", "test", {
        "path": "/app",
        "project_type": "npm"
    })

    print(f"Vulnerabilities: {scan['vulnerabilities_count']}")
    for vuln in scan["vulnerabilities"]:
        print(f"[{vuln['severity']}] {vuln['title']}")
        print(f"  Package: {vuln['package']}@{vuln['version']}")
        print(f"  Fix: Upgrade to {vuln['fixedIn']}")
```

#### 2. Container Scanning

```python
# Scan a container image.
async def scan_container(mcp):
    container_scan = await mcp.call("snyk", "container_test", {
        "image": "myapp:latest",
        "platform": "linux/amd64"
    })

    print(f"Base Image: {container_scan['base_image']}")
    print(f"Critical: {container_scan['critical']}, High: {container_scan['high']}")

    # Get base image recommendations: moving to a newer or slimmer base image
    # usually removes most OS-level findings at once.
    recommendations = await mcp.call("snyk", "recommend_base_image", {
        "image": "node:16"
    })
    print(f"Recommended: {recommendations['suggested_image']}")
```

Scan the image digest you are about to deploy rather than a mutable tag such as `latest`; otherwise the report may describe a different image than the one that ships.

#### 3. Code Security (SAST)

```python
# Scan code for security issues; findings below the threshold are omitted.
async def scan_code(mcp):
    code_scan = await mcp.call("snyk", "code_test", {
        "path": "/app/src",
        "severity_threshold": "medium"
    })

    for issue in code_scan["issues"]:
        print(f"[{issue['severity']}] {issue['title']}")
        print(f"  File: {issue['file']}:{issue['line']}")
        print(f"  CWE: {issue['cwe']}")
        print(f"  Fix: {issue['fix_hint']}")
```

#### 4. Infrastructure as Code

```python
# Scan Terraform configurations.
async def scan_iac(mcp):
    iac_scan = await mcp.call("snyk", "iac_test", {
        "path": "/terraform",
        "rules": ["SNYK-CC-*"]
    })

    for issue in iac_scan["issues"]:
        print(f"[{issue['severity']}] {issue['title']}")
        print(f"  Resource: {issue['resource']}")
        print(f"  Impact: {issue['impact']}")
        print(f"  Remediation: {issue['remediation']}")
```

### Configuration

```json
{
  "mcpServers": {
    "snyk": {
      "command": "npx",
      "args": ["-y", "@anthropic/mcp-snyk"],
      "env": {
        "SNYK_TOKEN": "your-snyk-token",
        "SNYK_ORG": "your-org-id"
      }
    }
  }
}
```

Treat this file as a secret: `SNYK_TOKEN` grants API access to your Snyk organization, so keep it out of version control and prefer a service account token scoped to the organization being scanned over a personal token.

### Use Cases

**Dependency Management**: Keep open source dependencies secure and updated.

**Container Hardening**: Build secure container images from the start.

**Secure Coding**: Catch security issues during development.

**Infrastructure Security**: Prevent cloud misconfigurations in IaC.

The Snyk MCP Server integrates security into every stage of development.
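A CI gate over the dependency scan result shape shown under Key Features, as an added example that is not part of this page or of Snyk's tooling. It assumes the result dict described above (a `vulnerabilities` list whose entries carry `severity`, `title`, `package`, `version` and `fixedIn`); `SAMPLE_SCAN`, `gate`, `highest_fix`, `parse_version` and `report` are names introduced here, and the sample data is constructed. It goes beyond the snippet by tolerating `fixedIn` given as a list (the form Snyk's CLI JSON uses), by collapsing several findings on one package into a single upgrade target, and by separating findings that have no fixed version at all.

```python
"""CI gate over Snyk dependency scan results.

Added example, not code from the page or from Snyk. It consumes the result
shape used in the dependency-scanning snippet above and decides whether a
build should fail. SAMPLE_SCAN is constructed sample data, not scanner output.
"""
import re
import sys

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample in the page's result shape. Package names and titles are
# placeholders, not real findings. The second entry carries fixedIn as a list,
# which is how Snyk's own JSON reports it; the gate accepts a list or a string.
SAMPLE_SCAN = {
    "vulnerabilities_count": 4,
    "vulnerabilities": [
        {"severity": "high", "title": "Constructed finding A",
         "package": "libalpha", "version": "2.3.0", "fixedIn": "2.4.0"},
        {"severity": "critical", "title": "Constructed finding B",
         "package": "libalpha", "version": "2.3.0", "fixedIn": ["2.3.9", "2.4.1"]},
        {"severity": "medium", "title": "Constructed finding C",
         "package": "libbeta", "version": "1.0.0", "fixedIn": "1.0.2"},
        {"severity": "high", "title": "Constructed finding D",
         "package": "libgamma", "version": "0.9.0", "fixedIn": None},
    ],
}


def parse_version(version):
    """Turn '4.17.21' into (4, 17, 21) for comparison. The leading digits of
    each dotted component are used; a component without digits counts as 0."""
    nums = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        nums.append(int(match.group()) if match else 0)
    return tuple(nums)


def highest_fix(fixed_in):
    """Return the highest fixed version from a string, a list, or None/empty."""
    if not fixed_in:
        return None
    candidates = [fixed_in] if isinstance(fixed_in, str) else list(fixed_in)
    candidates = [c for c in candidates if c]
    if not candidates:
        return None
    return max(candidates, key=parse_version)


def gate(scan, fail_on="high"):
    """Evaluate a scan against a severity threshold.

    Returns a dict with:
      fail      - True if any finding at or above fail_on exists
      failing   - those findings
      upgrades  - package -> one version covering every failing finding for
                  that package (the highest fix listed, the conservative choice
                  when a finding names fixes on several release lines)
      unfixable - failing findings with no fixed version, which need a
                  replacement, a vendor patch, or a documented risk acceptance
    """
    threshold = SEVERITY_RANK[fail_on.lower()]
    failing, unfixable, upgrades = [], [], {}
    for vuln in scan.get("vulnerabilities", []):
        rank = SEVERITY_RANK.get(str(vuln.get("severity", "")).lower(), 0)
        if rank < threshold:
            continue
        failing.append(vuln)
        fix = highest_fix(vuln.get("fixedIn"))
        if fix is None:
            unfixable.append(vuln)
            continue
        pkg = vuln["package"]
        if pkg not in upgrades or parse_version(fix) > parse_version(upgrades[pkg]):
            upgrades[pkg] = fix
    return {"fail": bool(failing), "failing": failing,
            "upgrades": upgrades, "unfixable": unfixable}


def report(result):
    """Render the gate decision as text lines suitable for a CI log."""
    lines = [f"Gate: {'FAIL' if result['fail'] else 'PASS'} "
             f"({len(result['failing'])} finding(s) at or above threshold)"]
    for pkg, version in sorted(result["upgrades"].items()):
        lines.append(f"  upgrade {pkg} -> {version}")
    for vuln in result["unfixable"]:
        lines.append(f"  no fix: [{vuln['severity']}] {vuln['package']}@{vuln['version']} "
                     f"{vuln['title']}")
    return lines


if __name__ == "__main__":
    # In Antigravity the scan dict would come from mcp.call("snyk", "test", ...);
    # here the constructed sample stands in for it.
    outcome = gate(SAMPLE_SCAN, fail_on="high")
    print("\n".join(report(outcome)))
    sys.exit(1 if outcome["fail"] else 0)
```

The threshold is deliberately a single severity string so the same gate can be tightened per branch (for example `critical` on feature branches, `high` on release branches). Findings with no fix are reported separately rather than silently dropped, because they are the ones that need a human decision.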
A second, minimal form of the configuration using the `snyk-mcp-server` package:

```json
{
  "mcpServers": {
    "snyk": {
      "command": "npx",
      "args": ["-y", "snyk-mcp-server"],
      "env": {
        "SNYK_TOKEN": "your-api-token"
      }
    }
  }
}
```