Which integrations are available for this server?

Enables scanning of GitHub repositories for vulnerabilities and security issues by connecting to repositories like 'github.com/aquasecurity/trivy-ci-test'. Provides vulnerability scanning capabilities for various sources including filesystems, container images, and code repositories, allowing users to identify vulnerabilities and misconfigurations through an MCP server interface.

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Trivy scan this Dockerfile for vulnerabilities" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

Trivy MCP Server Plugin

GitHub All Releases

https://github.com/user-attachments/assets/125791b0-3164-4dcc-8fb3-e45481a9cbf7

This plugin starts a Model Context Protocol (MCP) server that integrates Trivy's security scanning capabilities with VS Code and other MCP-enabled tools.

Features

Natural Language Scanning: Ask questions about security issues in natural language
Multiple Scan Types:
- Filesystem scanning for local projects
- Container image vulnerability scanning
- Remote repository security analysis
Integration with Aqua Platform: Optional integration with Aqua Security's platform for enhanced scanning capabilities and assurance policy compliance
Flexible Transport: Support for stdio, streamable HTTP, and SSE (Server-Sent Events) transport protocols
IDE Integration: Seamless integration with VS Code, Cursor, JetBrains IDEs, and Claude Desktop

Related MCP server: Algolia

Quick Start

Installation

trivy plugin install mcp

Starting the Server

trivy mcp

Documentation

For comprehensive documentation, please see the docs directory:

Example Query

After setting up the plugin and configuring your IDE, you can start asking security-related questions:

Are there any vulnerabilities or misconfigurations in this project?

For more examples, see the Example Queries page.

License

MIT License - see the LICENSE file for details.

This server cannot be installed

-

security - not tested

A

license - permissive license

-

quality - not tested

How are these scores calculated?

Resources

GitHub Repository

Need Help?

Report Issue

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Trivy