Add it to Claude Code
claude mcp add snyk-studio -- snyk mcpMake your agent remember this setup
snyk-studio's config, env vars, and the gotchas you hit — recalled in every future Claude Code, Cursor, and Codex session.
npx conare@latestFree · one command · indexes the sessions already on disk. Set up in the browser instead →
What it does
- Integrates Snyk security scanning directly into MCP-enabled AI tools.
- Supports multiple scan types including SCA, Code, IaC, and Container.
- Provides security context to AI agents for more accurate code analysis.
- Includes built-in authentication management for Snyk services.
- Supports SBOM and AIBOM generation for project transparency.
Tools 11
snyk_sca_scanPerforms an Open Source dependency scan on the project.snyk_code_scanPerforms a static code analysis scan.snyk_iac_scanPerforms an Infrastructure as Code security scan.snyk_container_scanPerforms a container security scan.snyk_sbom_scanPerforms a scan on an SBOM file.snyk_aibomCreates an AIBOM for the project.snyk_trustTrusts a specific folder before running a scan.snyk_authHandles authentication with Snyk.snyk_logoutLogs out of the Snyk session.snyk_auth_statusChecks the current authentication status.snyk_versionRetrieves version information for the Snyk CLI.Try it
Original README from snyk/studio-mcp
Snyk Studio MCP
MCP (Model Context Protocol) is an open protocol that standardizes how applications share context with large language models.
MCP can provide AI systems with additional information needed to generate accurate and relevant responses for use cases where the AI systems do not have the context, by integrating the AI systems with tools and platforms that have specific capabilities.
You can integrate Snyk MCP into MCP-supporting tools to provide Snyk security context.
Snyk is introducing an MCP server as part of the Snyk CLI. This allows MCP-enabled agentic tools to integrate Snyk security scanning capabilities directly, thus bridging the gap between security scanning and AI-assisted workflows.
In environments or applications that use MCP, you can use the snyk mcp CLI command to:
- Invoke Snyk scans:
Trigger CLI security scans for code, dependencies, or configurations in your codebase in your current MCP context. - Retrieve results:
Obtain Snyk security findings directly in your MCP-enabled tool or environment.
The Snyk MCP server supports integrating the following Snyk security tools into an AI system:
snyk_sca_scan(Open Source scan)snyk_code_scan(Code scan)snyk_iac_scan(IaC scan)snyk_container_scan(IaC scan)snyk_sbom_scan(SBOM file scan)snyk_aibom(Create AIBOM)snyk_trust(Trust a given folder before running a scan)snyk_auth(authentication)snyk_logout(logout)snyk_auth_status(authentication status check)snyk_version(version information)
Running snyk_sca_scan may execute third-party ecosystem tools (for example, Gradle or Maven) on your machine to fetch the project's dependency tree.
For more details, see the Snyk MCP installation, configuration and startup and Troubleshooting for the Snyk MCP server pages.
This repository is closed to public contributions.