Trivy MCP
What is Trivy MCP
Trivy-MCP is an experimental plugin that starts an MCP Server, functioning as a gateway to Trivy, a popular open-source vulnerability scanner.
Use cases
Use cases include integrating vulnerability scanning into development workflows, providing real-time feedback on security issues in code, and enhancing security practices in DevOps.
How to use
To use Trivy-MCP, install the plugin via Trivy’s plugin management system with the command ‘trivy plugin install mcp’. Start the MCP server using ‘trivy mcp’.
Key features
Key features include support for multiple transport options (sse, stdio), customizable server port, and integration with development environments like VSCode.
Where to use
Trivy-MCP can be used in software development environments, particularly for vulnerability scanning in CI/CD pipelines and local development setups.
Content
Trivy MCP Server Plugin
This plugin starts a Model Context Protocol (MCP) server that integrates Trivy’s security scanning capabilities with VS Code and other MCP-enabled tools.
Features
- Natural Language Scanning: Ask questions about security issues in natural language
- Multiple Scan Types:
  - Filesystem scanning for local projects
  - Container image vulnerability scanning
  - Remote repository security analysis
- Integration with Aqua Platform: Optional integration with Aqua Security’s platform for enhanced scanning capabilities
- Flexible Transport: Support for both stdio and SSE (Server-Sent Events) transport protocols
- IDE Integration: Seamless integration with VS Code, Cursor, JetBrains IDEs, and Claude Desktop
Quick Start
Installation
trivy plugin install mcp
Starting the Server
trivy mcp
Documentation
For comprehensive documentation, please see the docs directory:
- Installation Guide
- Quick Start Guide
- Configuration Options
- IDE Integration
- Example Queries
- Authentication
Example Query
After setting up the plugin and configuring your IDE, you can start asking security-related questions:
Are there any vulnerabilities or misconfigurations in this project?
For more examples, see the Example Queries page.
License
MIT License - see the LICENSE file for details.