Skip to main content
Glama
friendlygeorge

Security Scanner MCP Server

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault

No arguments

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": true
}

Tools

Functions exposed to the LLM to take actions

NameDescription
scan_imageA

Scan a Docker image for known vulnerabilities using Trivy. Returns a summary of critical/high/medium/low vulnerabilities with package names and fix availability.

vulnerability_reportA

Generate a detailed vulnerability report for a Docker image with remediation recommendations (which packages to upgrade). More detailed than scan_image.

scan_filesystemA

Scan a local directory or file for vulnerabilities, misconfigurations, and secrets using Trivy. Supports Dockerfiles, Terraform, Kubernetes manifests, and application dependencies.

scan_repositoryB

Scan a git repository (local or remote URL) for vulnerabilities, misconfigurations, and secrets using Trivy.

scan_sbomA

Scan a Software Bill of Materials (SBOM) file for known vulnerabilities. Accepts CycloneDX or SPDX format SBOMs.

generate_sbomA

Generate a Software Bill of Materials (SBOM) for a Docker image in CycloneDX or SPDX format. The SBOM lists all packages and dependencies in the image.

scan_configA

Scan Infrastructure-as-Code files for misconfigurations and security issues. Supports Terraform, Dockerfile, Kubernetes manifests, CloudFormation, Helm charts, and more.

scan_image_grypeA

Scan a Docker image for vulnerabilities using Grype (Anchore's scanner). Provides cross-validation against Trivy results — different vulnerability database, different detection coverage.

scan_filesystem_grypeA

Scan a local directory or file for vulnerabilities using Grype. Cross-validates against Trivy filesystem scans.

scan_remote_imageA

Scan a container image directly from a remote registry using Grype. No Docker daemon required — pulls the image manifest and layers directly.

scan_purlA

Look up known vulnerabilities for a specific package using its Package URL (PURL). Useful for checking if a specific dependency version is affected by any CVEs.

db_statusA

Check the status of Grype's vulnerability database — last update time, database schema version, and whether an update is available.

update_dbA

Update Grype's vulnerability database to the latest version. Recommended before scanning if the DB hasn't been updated recently.

get_versionA

Get version information for installed security scanning engines (Trivy and/or Grype).

cross_validateA

Scan a Docker image with BOTH Trivy and Grype, then compare results. Surfaces vulnerabilities found by only one engine (different databases = different coverage). This is the key differentiator — no other MCP server offers multi-engine cross-validation.

Prompts

Interactive templates invoked by user choice

NameDescription

No prompts

Resources

Contextual data attached and managed by the client

NameDescription

No resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/friendlygeorge/security-scanner-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server