Skip to main content
Glama
Sign In
deenesjakoruzh

Trivy

by aquasecurity
GitHub
Go
MIT License
10
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue
Integrations

  • Enables scanning of GitHub repositories for vulnerabilities and security issues by connecting to repositories like 'github.com/aquasecurity/trivy-ci-test'.

  • Provides vulnerability scanning capabilities for various sources including filesystems, container images, and code repositories, allowing users to identify vulnerabilities and misconfigurations through an MCP server interface.

Trivy MCP Server Plugin - EXPERIMENTAL WIP

This plugin starts an MCP Server that can be used as a gateway to Trivy

Important

This is early stage development of the MCP Server, so you should assume things won't work great for now

Installing the plugin

To install the plugin you can use Trivy's plugin management system

trivy plugin install mcp

The will install the latest version of the plugin

Starting the plugin

You're now ready to start the plugin, this will launch an MCP server that Cursor or VSCode can interact with. For now, the instructions will focus on VSCode

trivy mcp

Options

Along with the usual global flags supported by Trivy, the following flags are available for the MCP server. For now, you don't need to specify any of them

ArgumentOptionsDefaultDescription
--transport / -tsse, stdiostdioThe transport of MCP Server to run
--port / -p23456The port to launch the MCP server on
--trivy-binaryOptionally provide a binary to use instead of core code

Configuring the MCP Server in VSCode

Now, we need to configure the server in VSCode to start using as an agent

Prereqs

  • >= version 1.99.0 of VS Code

Configuring the plugin

You can configure the Trivy mcp to start itself or use the sse http endpoint

Configuring for stdio
  1. In VS Code, press F1
  2. Search for "Preferences: Open User Settings (JSON)"
  3. Find or create the "mcp" block and add a server as below
    "mcp": { "servers": { "Trivy MCP": { "command": "trivy", "args": [ "mcp", "-t", "stdio" ] } } }
  4. When you save, an annotation will appear to Start the server
Configuring for SSE HTTP
  1. Start the MCP Server
    trivy mcp -t sse -p 23456
  2. In VS Code, press F1
  3. Search for "Preferences: Open User Settings (JSON)"
  4. Find or create the "mcp" block and add a server as below
    "mcp": { "servers": { "Trivy SSE": { "type": "sse", "url": "http://localhost:23456/sse" } } }
  5. When you save, an annotation will appear to Start the server

Some sample prompts

Important

Ensure that the chat window is in Agent mode not Ask

Filesystem scanning

With an open project, why not try;

Are there any vulnerabilities or misconfigurations in this project?

Image scanning

You can ask about images to get information

Does the python:3.12 image have any vulnerabilities?

Repository scanning

Find out about a remote repository

What are the vulnerabilities in github.com/aquasecurity/trivy-ci-test

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

Trivy

  1. Installing the plugin
    1. Starting the plugin
      1. Options
    2. Configuring the MCP Server in VSCode
      1. Prereqs
      2. Configuring the plugin
    3. Some sample prompts
      1. Filesystem scanning
      2. Image scanning
      3. Repository scanning

    Related MCP Servers

    • Trivy Security Scanner MCP Server

      norbinsh
      -
      security
      A
      license
      -
      quality
      Provides Trivy security scanning capabilities through a standardized interface, allowing users to scan projects for vulnerabilities and automatically fix them by updating dependencies.
      Last updated -
      2
      Python
      MIT License
      • Apple

    • Spline MCP Server

      aydinfer
      -
      security
      F
      license
      -
      quality
      An interface that enables Claude to interact with Spline 3D design tool, allowing operations like exporting scenes, importing models, and creating animations through natural language commands.
      Last updated -
      JavaScript

    • TriliumNext Notes' MCP Server

      tan-yong-sheng
      A
      security
      F
      license
      A
      quality
      A model context protocol server that allows interaction with TriliumNext Notes, providing tools to create, search, retrieve, update, and delete notes through natural language commands.
      Last updated -
      5
      1
      JavaScript
      • Apple

    • Fastly

      jedisct1
      -
      security
      F
      license
      -
      quality
      Fastly
      Last updated -
      JavaScript

    View all related MCP servers

    New MCP Servers

    MCP directory API

    We provide all the information about MCP servers via our MCP API.

    curl -X GET 'https://glama.ai/api/mcp/v1/servers/aquasecurity/trivy-mcp'

    If you have feedback or need assistance with the MCP directory API, please join our Discord server