What can you do with this server?

The Snyk API & Web MCP Server connects AI coding assistants to the Snyk API & Web (formerly Probely) platform, enabling natural language management of DAST (Dynamic Application Security Testing) scanning and vulnerability triage. Target Management * Create web targets and API targets from OpenAPI/Swagger schemas or Postman collections * List, get, update, and delete targets; assign labels, scanning agents, and configure settings Authentication Configuration * Configure form-based login, sequence-based login flows, HTTP Basic Auth, and API header/cookie authentication * Create, update, and delete multi-step login sequences * Configure TOTP-based 2FA, generate TOTP codes, and disable 2FA * Configure logout detection using CSS selectors, text patterns, or redirect URLs Credential Management * Securely create, list, get, update, and delete credentials (passwords, API keys, tokens) * Reference credentials via credentials:// URI format Scan Management * Start, stop, cancel, list, and get details of DAST scans * Configure scan profiles, excluded paths, and max scan duration Findings & Reporting * List, get, and update security findings; bulk-update finding states (e.g., mark as fixed, false positive, accepted risk) * Generate and download scan reports in PDF or HTML format with types including default, executive, OWASP, PCI, HIPAA, and ISO 27001 Infrastructure & Team Management * List and manage scanning agents for internal/private targets * Manage extra hosts (hostname/IP mappings) for targets * List teams and users; create labels for organizing targets Advanced * Make raw API requests for endpoints not covered by dedicated tools

Which integrations are available for this server?

Allows to interact with Snyk API & Web to onboard scan targets, configure authentication, run DAST scans, and triage findings.

How do I use Snyk API & Web MCP Server?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Snyk API & Web MCP Server Configure a DAST scan for my web app at https://example.com" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

Snyk API & Web MCP Server

Official

by snyk

Overview Schema Related Servers Score Discussions

Python

Remote

SAW MCP Banner

Snyk API & Web MCP Server

Connect your AI coding assistant to Snyk API & Web so it can onboard scan targets, configure authentication, run DAST scans, and triage findings — all through natural language.

Built on FastMCP 2.0, works with Cursor, Claude Code, Devin, and any MCP-compatible client.

Naming note: Snyk API & Web was formerly known as Probely. The API endpoints (api.probely.com), web console (plus.probely.app), and MCP tool names (probely_*) still use the legacy domain and prefix. Environment variables and config sections use the new SAW / saw naming.

See USER_GUIDE.md for usage, examples, and tool reference.

This repository is closed to public contributions. We appreciate community interest, but we do not accept pull requests, issues, or other contributions from external contributors at this time. If you have found a security issue, please see SECURITY.md.

Requirements

Python 3.10+
Snyk API & Web API key
Playwright MCP (Node.js 18+) — required for web target onboarding with login sequences; see Web target prerequisites

Related MCP server: Snyk MCP REST

Quick Start

1. Get Your API Key

Go to https://plus.probely.app/api-keys and create an API key.

Important
Use a custom role, limited-scope API key for the Snyk API & Web MCP Server. Create the key only with the permissions required for the intended actions. Do not use a highly privileged or global API key, as this can affect your entire account and its resources.

2. Install

Cursor Marketplace (recommended for Cursor users)

Install directly from the Cursor Marketplace:

Open the Snyk API & Web plugin page and click Install, or go to Settings → Plugins and search for Snyk API & Web
Set your API key as an environment variable before launching Cursor:
```
export MCP_SAW_API_KEY="your-api-key"
```

The plugin installs the MCP server, rules, and skills automatically.

Devin MCP Marketplace (Devin users)

Install directly from Devin's MCP Marketplace:

Open Devin and go to Settings → Configuration.
Under MCP servers, click Open MCP Marketplace.
Search for Snyk API & Web and click Install.
When prompted, enter your API key.

No manual configuration needed — Devin handles the setup automatically.

One-command install (any MCP client)

uvx --from git+https://github.com/snyk/saw-mcp.git saw-mcp

Or add to your MCP client configuration:

{
  "mcpServers": {
    "SAW": {
      "command": "uvx",
      "args": ["--from", "git+https://github.com/snyk/saw-mcp.git", "saw-mcp"],
      "env": {
        "MCP_SAW_API_KEY": "your-api-key"
      }
    }
  }
}

Install from release tarball

tar -xzvf SnykAPIWeb-<version>.tgz
cd SnykAPIWeb
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
pip install -r requirements.txt

Download from Releases and replace <version> with the actual version number (e.g., 1.0.0).

Clone from source

git clone https://github.com/snyk/saw-mcp.git
cd saw-mcp
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
pip install -r requirements.txt

3. Store Your API Key

The server reads your API key from (in order of precedence): environment variable MCP_SAW_API_KEY → .env file → config/config.yaml.

Option A: Environment variable (recommended for Marketplace / uvx installs)

export MCP_SAW_API_KEY="your-api-key"

Option B: .env file (recommended for source installs)

Run the setup script (prompts securely, no key in shell history):

./scripts/setup-env.sh

Or pipe from a secret manager: op read 'op://vault/item/key' | ./scripts/setup-env.sh

This writes a .env file in the project root (gitignored). The server loads it automatically at startup.

4. Configure Your IDE

If you installed from the Cursor or Devin marketplace, configuration is automatic. For other clients, add to your MCP client configuration:

{
  "mcpServers": {
    "SAW": {
      "command": "uvx",
      "args": ["--from", "git+https://github.com/snyk/saw-mcp.git", "saw-mcp"],
      "env": {
        "MCP_SAW_API_KEY": "your-api-key"
      }
    }
  }
}

For host-specific setup see the Installation Guides.

Override the base URL: add "MCP_SAW_BASE_URL": "https://your-instance-url" to the env block.
Use a config file: set "MCP_SAW_CONFIG_PATH": "/path/to/config.yaml" instead.
Set log level: add "MCP_SAW_LOG_LEVEL": "DEBUG" (options: DEBUG, INFO, WARNING, ERROR, CRITICAL; default: INFO).

5. Start Using

Ask your AI assistant to:

"Configure a Snyk API & Web API target from this OpenAPI schema / Swagger document / Postman collection."
"Configure a Snyk API & Web web target for this authenticated application."

See prompts.md for a full catalog of example prompts — from simple one-liners to complex multi-target workflows.

Web target prerequisites

The SAW MCP server talks to the Snyk API & Web platform — it does not include a browser. To onboard web targets with login sequences, the AI also needs Playwright MCP installed alongside SAW:

Install Playwright MCP in your IDE (Node.js 18+ required).
Use a natural-language prompt with the target URL and credentials — for example: "Add target example.com with credentials user@example.com / password123".
The AI uses Playwright to navigate the app, inspect the login form, and record selectors, then uses SAW MCP tools to create the target and upload the sequence in the Probely sequence-recorder format.

Without Playwright MCP, the AI cannot record a login flow and may produce an incorrect sequence JSON. In that case it falls back to form login (probely_configure_form_login), which works for simple login pages but not multi-step flows or 2FA.

See the Cursor installation guide for setup details.

IDE Integration

Detailed per-host guides live in docs/installation-guides/:

Host	Guide
Cursor	install-cursor.md
Claude Desktop	install-claude.md
Devin / Other IDEs	install-devin.md

Packaging

bash scripts/package.sh

Creates dist/SnykAPIWeb-<version>.tgz (version from snyk_apiweb/__init__.py).

Development & Testing

Run the Server (standalone)

Running the server directly starts it and waits for an MCP client connection. This is mainly useful for development and debugging:

./venv/bin/python -m snyk_apiweb.server

Development Mode (hot reload)

For active development with automatic reload on file changes:

./scripts/dev.sh

License

This project is licensed under the Apache License 2.0.

Install Server

license - permissive license

quality

maintenance

How are these scores calculated?

Maintenance

–Maintainers

–Response time

1wRelease cycle

8Releases (12mo)

Commit activity

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Tools

View all tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/snyk/saw-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server