Trivy

by aquasecurity
MIT License
Integrations
  • Enables scanning of GitHub repositories for vulnerabilities and security issues by connecting to repositories like 'github.com/aquasecurity/trivy-ci-test'.

  • Provides vulnerability scanning capabilities for various sources including filesystems, container images, and code repositories, allowing users to identify vulnerabilities and misconfigurations through an MCP server interface.

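Trivy MCP Server Plugin - Experimental WIP

This plugin starts an MCP server that can be used as a gateway to Trivy.

[!IMPORTANT] This is an early stage of development for the MCP server, so you should assume that things will not work well for now.

Installing the plugin

To install the plugin, you can use Trivy's plugin management system: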

trivy plugin install mcp

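This installs the latest version of the plugin.

Starting the plugin

You can now start the plugin, which launches an MCP server that can interact with Cursor or VSCode. For now, this guide focuses mainly on VSCode.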

trivy mcp

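Options

In addition to the usual global flags supported by Trivy, the MCP server provides the following flags. For now, you do not need to specify any of them.

Argument         | Options    | Default | Description
--transport / -t | sse, stdio | stdio   | Transport the MCP server runs on
--port / -p      |            | 23456   | Port the MCP server starts on
--trivy-binary   |            |         | Optionally provide a binary to use instead of the core code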

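Configuring the MCP server in VSCode

Now we need to configure the server in VSCode to start using it as an agent.

Prerequisites

  • = VS Code version 1.99.0

Configuring the plugin

You can configure Trivy MCP to start itself or to use the SSE HTTP endpoint.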

Configuring stdio
  1. In VS Code, press F1.
  2. Search for "Preferences: Open User Settings (JSON)".
  3. Find or create the "mcp" block and add the server as shown below:
    "mcp": {
      "servers": {
        "Trivy MCP": {
          "command": "trivy",
          "args": ["mcp", "-t", "stdio"]
        }
      }
    }
  4. After saving, an annotation will appear to Start the server.
Configuring SSE HTTP
  1. Start the MCP server:
    trivy mcp -t sse -p 23456
  2. In VS Code, press F1.
  3. Search for "Preferences: Open User Settings (JSON)".
  4. Find or create the "mcp" block and add the server as shown below:
    "mcp": {
      "servers": {
        "Trivy SSE": {
          "type": "sse",
          "url": "http://localhost:23456/sse"
        }
      }
    }
  5. After saving, an annotation will appear to Start the server.

Some example prompts

Make sure the chat window is in Agent mode, not Ask.

Filesystem scan

With a project open, why not try:

Are there any vulnerabilities or misconfigurations in this project?

Image scan

You can ask for information about an image:

Does the python:3.12 image have any vulnerabilities?

Repository scan

Find out about a remote repository:

What are the vulnerabilities in github.com/aquasecurity/trivy-ci-test
