A
securityF
licenseA
qualityA Model Context Protocol server that performs Trivy scans to generate Software Bill of Materials (SBOM) in CycloneDX format.
Last updated 9 months ago
1
2
Trivy MCP Integrations
Trivy is a comprehensive open source vulnerability scanner for containers and other artifacts, maintained by Aqua Security.
Why this server?
Performs container and application vulnerability scanning using Trivy and produces a Software Bill of Materials (SBOM) in CycloneDX format.
Why this server?
Provides vulnerability scanning capabilities for various sources including filesystems, container images, and code repositories, allowing users to identify vulnerabilities and misconfigurations through an MCP server interface.
MIT LicenseWhy this server?
Integrates Trivy vulnerability scanner for container image and filesystem security scanning with configurable severity filtering
AsecurityFlicenseAqualityEnables security auditing, penetration testing, and compliance validation with tools like Semgrep, Trivy, Gitleaks, and OWASP ZAP. Features strict project boundary enforcement and supports OWASP, CIS, and NIST compliance frameworks.Last updated 3 months ago7Why this server?
Provides security scanning capabilities for projects, automatically scanning directories for vulnerabilities and offering automated fixes to update vulnerable dependencies to secure versions across multiple package managers.
-securityAlicense-qualityProvides Trivy security scanning capabilities through a standardized interface, allowing users to scan projects for vulnerabilities and automatically fix them by updating dependencies.Last updated 10 months ago10MIT LicenseWhy this server?
Integrated vulnerability scanner for comprehensive security reports across repositories
Why this server?
Performs vulnerability scanning on container images with results uploaded to GitHub Security
MIT LicenseWhy this server?
Enables container and Infrastructure as Code vulnerability scanning through Trivy integration for Docker images and IaC templates
-securityAlicense-qualityIntegrates 15+ static application security testing tools (Semgrep, Bandit, TruffleHog, etc.) with Claude Code AI, enabling automated vulnerability scanning and security analysis through natural language commands. Supports cross-platform operation with remote execution on dedicated security VMs.Last updated 13 days ago4MIT LicenseWhy this server?
Provides methodology and documentation for CVE and dependency scanning, guiding AI agents through vulnerability detection in project dependencies
-securityAlicense-qualityProvides security assessment methodology, tool documentation, and step-by-step workflows to guide AI agents through vulnerability scanning, static analysis, and penetration testing of applications and URLs.Last updated 2 days agoMIT LicenseWhy this server?
Performs security scans including Software Composition Analysis (SCA) and Infrastructure as Code (IaC) security checks to identify vulnerabilities in dependencies and infrastructure configurations.
-securityAlicense-qualityEnables security scanning of codebases through integrated tools for secret detection, SCA, SAST, and DAST vulnerabilities, with AI-powered remediation suggestions based on findings.Last updated 3 months agoMIT License
