Enables scanning of GitHub repositories for vulnerabilities and security issues by connecting to repositories like 'github.com/aquasecurity/trivy-ci-test'.
Provides vulnerability scanning capabilities for various sources including filesystems, container images, and code repositories, allowing users to identify vulnerabilities and misconfigurations through an MCP server interface.
Trivy MCP Server Plugin
https://github.com/user-attachments/assets/125791b0-3164-4dcc-8fb3-e45481a9cbf7
This plugin starts a Model Context Protocol (MCP) server that integrates Trivy's security scanning capabilities with VS Code and other MCP-enabled tools.
Features
Natural Language Scanning: Ask questions about security issues in natural language
Multiple Scan Types:
  Filesystem scanning for local projects
  Container image vulnerability scanning
  Remote repository security analysis
Integration with Aqua Platform: Optional integration with Aqua Security's platform for enhanced scanning capabilities and assurance policy compliance
Flexible Transport: Support for stdio, streamable HTTP, and SSE (Server-Sent Events) transport protocols
IDE Integration: Seamless integration with VS Code, Cursor, JetBrains IDEs, and Claude Desktop
Quick Start
Installation
Starting the Server
Documentation
For comprehensive documentation, please see the docs directory:
Example Query
After setting up the plugin and configuring your IDE, you can start asking security-related questions:
For more examples, see the Example Queries page.
License
MIT License - see the LICENSE file for details.