How do I use ScanRook MCP Server?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@ScanRook MCP Server Scan node:20-alpine for vulnerabilities" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

ScanRook MCP Server

An MCP (Model Context Protocol) server that gives AI assistants vulnerability scanning capabilities via ScanRook.

Tools

Tool	Description
`scan_image`	Scan a Docker/OCI image for vulnerabilities
`scan_status`	Check scan progress and results
`get_findings`	Get detailed vulnerability findings
`search_cve`	Look up a specific CVE
`list_scans`	List recent scans
`analyze_licenses`	Check license compliance
`compare_scans`	Compare findings between two scans
`check_package`	Check a package for known vulnerabilities

Setup

Install

npm install -g scanrook-mcp

Configure

Set your ScanRook API key:

export SCANROOK_API_KEY="your-api-key"
export SCANROOK_API_URL="https://scanrook.io"  # optional, defaults to scanrook.io

Use with Claude Code

Add to your Claude Code MCP settings:

{
  "mcpServers": {
    "scanrook": {
      "command": "scanrook-mcp",
      "env": {
        "SCANROOK_API_KEY": "your-api-key"
      }
    }
  }
}

Use with Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "scanrook": {
      "command": "npx",
      "args": ["scanrook-mcp"],
      "env": {
        "SCANROOK_API_KEY": "your-api-key"
      }
    }
  }
}

Examples

Once connected, you can ask your AI assistant:

"Scan nginx:1.27 for vulnerabilities"
"What's the status of my last scan?"
"Show me the critical findings"
"Is CVE-2024-0727 in my image?"
"Check if lodash 4.17.20 has any known vulnerabilities"
"Compare my latest scan with last week's scan"
"Analyze the licenses in my last scan"

Environment Variables

Variable	Default	Description
`SCANROOK_API_KEY`	(required)	Your ScanRook API key
`SCANROOK_API_URL`	`https://scanrook.io`	ScanRook API base URL

Install Server

A

license - permissive license

A

quality

C

maintenance

How are these scores calculated?

Resources

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

ScanRook MCP Server

ScanRook MCP Server

Tools

Setup

Install

Configure

Use with Claude Code

Use with Claude Desktop

Examples

Environment Variables

Resources

Looking for Admin?

Tools

Latest Blog Posts

MCP directory API