Skip to main content
Glama
SymbioticSec

Symbiotic MCP Server

Official
by SymbioticSec
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid

Symbiotic MCP Server

A Model Context Protocol (MCP) server for security analysis using Symbiotic CLI

Description

This server exposes security analysis tools via the MCP protocol for any MCP-compatible client. It allows scanning code and infrastructure files without affecting your workspace.

Available Tools

  • code_scan_files - Static code analysis

  • infra_scan_files - Infrastructure security scanning

  • security_scan_files - Comprehensive security scan (code + infrastructure)

  • get_supported_languages - List of supported programming languages

Related MCP server: Security-Use MCP Server

Cursor Integration

Setting up the Security Review Command

  1. Create a .cursor directory in your project root if it doesn't exist

  2. Create or update .cursor/commands/security-review.md with the contents of security-review.md

Using the Command

  1. Open the chat panel in Cursor (Cmd+L or Ctrl+L)

  2. Type /security-review followed by optional file paths or glob patterns

  3. The command will perform a comprehensive security analysis, including:

    • Scanning selected files or the entire workspace

    • Analyzing for security vulnerabilities

    • Triaging findings and filtering false positives

    • Providing a detailed report with severity levels and remediation suggestions

    • Offering to apply automatic fixes for identified issues

Installation

  1. Install symbiotic-cli

https://github.com/SymbioticSec/cli/releases

  1. Get API token

Create an account on Symbiotic Security and retrieve your API token.

  1. Build and start

Clone this repository and install dependencies:

npm install
npm run build

MCP Configuration

In VSCode, open MCP: Open User Configuration and add in servers:

{
 "servers": {
  "symbiotic-security": {
       "command": "node",
      "args": ["path/to/build/index.js"],
      "env": {
        "SYMBIOTIC_API_TOKEN": "your_token_here",
    }
  },
}

Configuration for other MCP clients may vary but generally follows the same structure.

{
  "mcpServers": {
    "symbiotic-security": {
      "command": "node",
      "args": ["path/to/build/index.js"],
      "env": {
        "SYMBIOTIC_API_TOKEN": "your_token_here"
      }
    }
  }
}

Important environment variables:

  • SYMBIOTIC_API_TOKEN (required) - Your Symbiotic API token

Note: Configuration file name and location may vary depending on your MCP client.

Transport Modes

  • STDIO (default) - Standard communication for MCP

  • SSE - Server-Sent Events over HTTP

  • Streamable HTTP - HTTP with /mcp endpoint

# STDIO (default)
node build/index.js

# HTTP server on port 9593
SERVER_PORT=9593 node build/index.js

Authentication

The server requires a valid Symbiotic Security API token. Configuration is done via MCP environment variables.

Minimal required configuration:

"env": {
  "SYMBIOTIC_API_TOKEN": "your_token_here"
}

How It Works

  1. Receives code files via MCP

  2. Creates temporary files

  3. Executes symbiotic-cli

  4. Automatic cleanup of temporary files

  5. Returns formatted results

Install Server
A
license - permissive license
A
quality
D
maintenance

How are these scores calculated?

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/SymbioticSec/mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server