MCP Server for Snyk Security Scanning
A standalone Model Context Protocol server for Snyk security scanning functionality.
WARNING: THIS MCP SERVER IS CURRENTLY IN ALPHA AND IS NOT YET FINISHED!
Update your Claude desktop config (claude-config.json):
{
"mcpServers": {
"snyk": {
"command": "npx",
"args": [
"-y",
"github:sammcj/mcp-snyk"
],
"env": {
"SNYK_API_KEY": "your_snyk_token",
"SNYK_ORG_ID": "your_default_org_id" // Optional: Configure a default organisation ID
}
}
}
}
Replace the token with your actual Snyk API token. The organisation ID can be configured in multiple ways:
SNYK_ORG_ID (as shown above)snyk config set org=your-org-idThe server will try these methods in order until it finds a valid organisation ID.
You can verify your Snyk token is configured correctly by asking Claude to run the verify_token command:
Verify my Snyk token configuration
This will check if your token is valid and show your Snyk user information. If you have the Snyk CLI installed and configured, it will also show your CLI-configured organization ID.
To scan a repository, you must provide its GitHub or GitLab URL:
Scan repository https://github.com/owner/repo for security vulnerabilities
IMPORTANT: The scan_repository command requires the actual repository URL (e.g., https://github.com/owner/repo). Do not use local file paths - always use the repository’s URL on GitHub or GitLab.
For Snyk projects:
Scan Snyk project project-id-here
The server will look for the organization ID in this order:
SNYK_ORG_ID)snyk config get org)You only need to specify the organization ID in your command if you want to override the configured values:
Scan repository https://github.com/owner/repo in organisation org-id-here
If you have the Snyk CLI installed (npm install -g snyk), the server can use it to:
This integration makes it easier to use the same organisation ID across both CLI and MCP server usage.
