Snyk API & Web MCP Server

Connect your AI coding assistant to Snyk API & Web so it can onboard scan targets, configure authentication, run DAST scans, and triage findings — all through natural language.

Built on FastMCP 2.0, works with Cursor, Claude Code, Devin, Windsurf, and any MCP-compatible client.

Naming note: Snyk API & Web was formerly known as Probely. The API endpoints (api.probely.com), web console (plus.probely.app), and MCP tool names (probely_*) still use the legacy domain and prefix. Environment variables and config sections use the new SAW / saw naming.

See USER_GUIDE.md for usage, examples, and tool reference.

This repository is closed to public contributions. We appreciate community interest, but we do not accept pull requests, issues, or other contributions from external contributors at this time. If you have found a security issue, please see SECURITY.md.

Requirements

• Python 3.10+

• Snyk API & Web API key

Quick Start

1. Get Your API Key

Go to https://plus.probely.app/api-keys and create an API key.

Important

Use a custom role, limited-scope API key for the Snyk API & Web MCP Server. Create the key only with the permissions required for the intended actions. Do not use a highly privileged or global API key, as this can affect your entire account and its resources.

2. Install

Windsurf Marketplace (Windsurf users)

Install directly from the Windsurf Marketplace:

1. Open Windsurf and click the MCPs icon in the Cascade panel, or go to Windsurf Settings → Cascade → MCP Servers.

2. Search for Snyk API & Web and click Install.

3. When prompted, enter your API key.

No manual configuration needed — Windsurf handles the setup automatically.

One-command install (any MCP client)

uvx --from git+https://github.com/snyk/saw-mcp.git saw-mcp

Or add to your MCP client configuration:

{
  "mcpServers": {
    "SAW": {
      "command": "uvx",
      "args": ["--from", "git+https://github.com/snyk/saw-mcp.git", "saw-mcp"],
      "env": {
        "MCP_SAW_API_KEY": "your-api-key"
      }
    }
  }
}

Install from release tarball

tar -xzvf SnykAPIWeb-<version>.tgz
cd SnykAPIWeb
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
pip install -r requirements.txt

Download from Releases and replace <version> with the actual version number (e.g., 1.0.0).

Clone from source

git clone https://github.com/snyk/saw-mcp.git
cd saw-mcp
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
pip install -r requirements.txt

3. Store Your API Key

The server reads your API key from (in order of precedence): environment variable MCP_SAW_API_KEY → .env file → config/config.yaml.

Option A: Environment variable (recommended for Marketplace / uvx installs)

export MCP_SAW_API_KEY="your-api-key"

Option B: .env file (recommended for source installs)

Run the setup script (prompts securely, no key in shell history):

./scripts/setup-env.sh

Or pipe from a secret manager: op read 'op://vault/item/key' | ./scripts/setup-env.sh

This writes a .env file in the project root (gitignored). The server loads it automatically at startup.

4. Configure Your IDE

If you installed from the Windsurf Marketplace, configuration is automatic. For other clients, add to your MCP client configuration:

{
  "mcpServers": {
    "SAW": {
      "command": "uvx",
      "args": ["--from", "git+https://github.com/snyk/saw-mcp.git", "saw-mcp"],
      "env": {
        "MCP_SAW_API_KEY": "your-api-key"
      }
    }
  }
}

For host-specific setup see the Installation Guides.

• Override the base URL: add "MCP_SAW_BASE_URL": "https://your-instance-url" to the env block.

• Use a config file: set "MCP_SAW_CONFIG_PATH": "/path/to/config.yaml" instead.

• Set log level: add "MCP_SAW_LOG_LEVEL": "DEBUG" (options: DEBUG, INFO, WARNING, ERROR, CRITICAL; default: INFO).

5. Start Using

Ask your AI assistant to:

• "Configure a Snyk API & Web API target from this OpenAPI schema / Swagger document / Postman collection."

• "Configure a Snyk API & Web web target for this authenticated application."

See prompts.md for a full catalog of example prompts — from simple one-liners to complex multi-target workflows.

IDE Integration

Detailed per-host guides live in docs/installation-guides/:

Packaging

bash scripts/package.sh

Creates dist/SnykAPIWeb-<version>.tgz (version from snyk_apiweb/__init__.py).

Development & Testing

Run the Server (standalone)

Running the server directly starts it and waits for an MCP client connection. This is mainly useful for development and debugging:

./venv/bin/python -m snyk_apiweb.server

Development Mode (hot reload)

For active development with automatic reload on file changes:

./scripts/dev.sh

License

This project is licensed under the Apache License 2.0.