Documentation Search MCP Server

snyk_scan_project

Scan project dependencies for security vulnerabilities to identify and address potential risks in your codebase.

Instructions

Scan entire project dependencies using Snyk.

Args:
    project_path: Path to the project directory (default: current directory)

Returns:
    Comprehensive security report for all project dependencies

Input Schema

TableJSON Schema

Name	Required	Description	Default
`project_path`	No		.

Implementation Reference

src/documentation_search_enhanced/main.py:1867-1995 (handler)

MCP tool handler for snyk_scan_project: scans project dependencies using Snyk API by parsing manifest files and calling Snyk's scan_project_manifest.

async def snyk_scan_project(project_path: str = "."):
    """
    Scan entire project dependencies using Snyk.

    Args:
        project_path: Path to the project directory (default: current directory)

    Returns:
        Comprehensive security report for all project dependencies
    """
    from .snyk_integration import snyk_integration
    from .project_scanner import find_and_parse_dependencies

    try:
        # Find project dependencies
        dep_result = find_and_parse_dependencies(project_path)
        if not dep_result:
            return {
                "error": "No supported dependency files found",
                "supported_files": [
                    "pyproject.toml",
                    "requirements.txt",
                    "package.json",
                ],
                "project_path": project_path,
            }

        filename, ecosystem, dependencies = dep_result
        manifest_path = os.path.join(project_path, filename)

        # Test Snyk connection
        connection_test = await snyk_integration.test_connection()
        if connection_test["status"] != "connected":
            return {
                "error": "Snyk integration not configured",
                "details": connection_test.get("error", "Unknown error"),
            }

        # Scan the project manifest
        scan_result = await snyk_integration.scan_project_manifest(
            manifest_path, ecosystem
        )

        if "error" in scan_result:
            return scan_result

        # Enhance with additional analysis
        high_priority_vulns = [
            vuln
            for vuln in scan_result["vulnerabilities"]
            if vuln.get("severity") in ["critical", "high"]
        ]

        return {
            "project_path": project_path,
            "manifest_file": filename,
            "ecosystem": ecosystem,
            "scan_timestamp": scan_result["scan_timestamp"],
            "summary": {
                **scan_result["summary"],
                "high_priority_vulnerabilities": len(high_priority_vulns),
                "security_score": max(
                    0,
                    100
                    - (
                        len(
                            [
                                v
                                for v in scan_result["vulnerabilities"]
                                if v.get("severity") == "critical"
                            ]
                        )
                        * 25
                        + len(
                            [
                                v
                                for v in scan_result["vulnerabilities"]
                                if v.get("severity") == "high"
                            ]
                        )
                        * 15
                        + len(
                            [
                                v
                                for v in scan_result["vulnerabilities"]
                                if v.get("severity") == "medium"
                            ]
                        )
                        * 5
                        + len(
                            [
                                v
                                for v in scan_result["vulnerabilities"]
                                if v.get("severity") == "low"
                            ]
                        )
                        * 1
                    ),
                ),
            },
            "high_priority_vulnerabilities": high_priority_vulns[:10],
            "license_issues": scan_result["license_issues"],
            "remediation_summary": {
                "patches_available": len(
                    [v for v in scan_result["vulnerabilities"] if v.get("is_patchable")]
                ),
                "upgrades_available": len(
                    [v for v in scan_result["vulnerabilities"] if v.get("upgrade_path")]
                ),
                "total_fixable": len(
                    [
                        v
                        for v in scan_result["vulnerabilities"]
                        if v.get("is_patchable") or v.get("upgrade_path")
                    ]
                ),
            },
            "next_steps": [
                "🚨 Address all critical vulnerabilities immediately",
                "📦 Update packages with available security patches",
                "🔍 Review medium and low priority issues",
                "⚖️ Check license compliance for flagged packages",
                "🔄 Set up continuous monitoring with Snyk",
            ],
        }

    except Exception as e:
        return {"error": f"Project scan failed: {str(e)}", "project_path": project_path}

src/documentation_search_enhanced/snyk_integration.py:250-296 (helper)

Core helper function scan_project_manifest in SnykIntegration class that sends project manifest to Snyk API for scanning.

async def scan_project_manifest(
    self, manifest_path: str, ecosystem: str = None
) -> Dict[str, Any]:
    """Scan project manifest file (requirements.txt, package.json, etc.)"""

    if not os.path.exists(manifest_path):
        return {"error": f"Manifest file not found: {manifest_path}"}

    # Auto-detect ecosystem if not provided
    if not ecosystem:
        if manifest_path.endswith(("requirements.txt", "pyproject.toml")):
            ecosystem = "pip"
        elif manifest_path.endswith("package.json"):
            ecosystem = "npm"
        else:
            ecosystem = "pip"  # Default

    try:
        with open(manifest_path, "r", encoding="utf-8") as f:
            file_contents = f.read()

        async with httpx.AsyncClient(timeout=self.timeout) as client:
            test_payload = {
                "encoding": "plain",
                "files": {
                    os.path.basename(manifest_path): {"contents": file_contents}
                },
            }

            response = await client.post(
                f"{self.base_url}/v1/test/{ecosystem}",
                headers=self._get_headers(),
                json=test_payload,
            )

            if response.status_code == 200:
                data = response.json()
                return self._parse_project_scan_result(data, manifest_path)
            else:
                return {
                    "error": f"Snyk API error: {response.status_code}",
                    "details": response.text,
                }

    except Exception as e:
        return {"error": f"Failed to scan manifest: {str(e)}"}

src/documentation_search_enhanced/project_scanner.py:57-86 (helper)

Helper function to find and parse dependency files (pyproject.toml, requirements.txt, package.json) in the project directory.

def find_and_parse_dependencies(
    directory: str,
) -> Optional[Tuple[str, str, Dict[str, str]]]:
    """
    Finds and parses the most relevant dependency file in a directory.

    Returns:
        A tuple of (file_path, ecosystem, dependencies_dict) or None.
    """
    supported_files = {
        "pyproject.toml": ("PyPI", parse_pyproject_toml),
        "requirements.txt": ("PyPI", parse_requirements_txt),
        "package.json": ("npm", parse_package_json),
    }

    for filename, (ecosystem, parser_func) in supported_files.items():
        file_path = os.path.join(directory, filename)
        if os.path.exists(file_path):
            try:
                with open(file_path, "r", encoding="utf-8") as f:
                    content = f.read()
                dependencies = parser_func(content)
                return filename, ecosystem, dependencies
            except Exception as e:
                print(f"⚠️ Error parsing {filename}: {e}", file=sys.stderr)
                # Continue to the next file type if parsing fails
                continue

    return None

src/documentation_search_enhanced/snyk_integration.py:98-112 (helper)

SnykIntegration class providing the core Snyk API client with authentication, caching, and connection testing.

class SnykIntegration:
    """Snyk API integration for enterprise security scanning"""

    def __init__(self):
        self.api_key = os.getenv("SNYK_API_KEY")
        self.org_id = os.getenv("SNYK_ORG_ID")
        self.base_url = "https://api.snyk.io"
        self.rest_api_url = "https://api.snyk.io/rest"
        self.timeout = httpx.Timeout(60.0)

        # Cache for API responses
        self.cache = {}
        self.cache_ttl = timedelta(hours=6)

    def _get_headers(self) -> Dict[str, str]:

Tool Definition Quality

B3.1/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It states the action ('Scan') and output ('Comprehensive security report'), but lacks details on permissions, side effects, rate limits, or error handling. For a security scanning tool, this is a significant gap in transparency.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured and concise, with a clear purpose statement followed by Args and Returns sections. Each sentence adds value, and there's no redundant information. It could be slightly more front-loaded by integrating the parameter details into the main description.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's moderate complexity (security scanning), no annotations, and no output schema, the description is partially complete. It covers the basic action and parameter but lacks details on output format, error cases, and behavioral traits. This leaves gaps for an agent to invoke it effectively in varied contexts.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description adds meaningful context for the single parameter: 'project_path: Path to the project directory (default: current directory)'. This clarifies the parameter's purpose and default value, compensating for the 0% schema description coverage. However, it doesn't elaborate on path format or validation rules.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Scan entire project dependencies using Snyk.' It specifies the verb ('Scan') and resource ('project dependencies'), and mentions the technology ('Snyk'). However, it doesn't explicitly differentiate from siblings like 'scan_project_dependencies' or 'snyk_scan_library', which reduces clarity.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention siblings like 'scan_project_dependencies' or 'snyk_scan_library', nor does it specify prerequisites, exclusions, or contextual triggers for usage. This leaves the agent without direction on tool selection.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/gemini2026/documentation-search-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server