Trivy MCP Server Plugin

This plugin starts a Model Context Protocol (MCP) server that integrates Trivy's security scanning capabilities with VS Code and other MCP-enabled tools.

Features

Natural Language Scanning: Ask questions about security issues in natural language
Multiple Scan Types:
- Filesystem scanning for local projects
- Container image vulnerability scanning
- Remote repository security analysis
Integration with Aqua Platform: Optional integration with Aqua Security's platform for enhanced scanning capabilities and assurance policy compliance
Flexible Transport: Support for both stdio and SSE (Server-Sent Events) transport protocols
IDE Integration: Seamless integration with VS Code, Cursor, JetBrains IDEs, and Claude Desktop

Quick Start

Installation

trivy plugin install mcp

Starting the Server

trivy mcp

Documentation

For comprehensive documentation, please see the docs directory:

Installation Guide
Quick Start Guide
Configuration Options
IDE Integration
Example Queries
Authentication

Example Query

After setting up the plugin and configuring your IDE, you can start asking security-related questions:

Are there any vulnerabilities or misconfigurations in this project?

For more examples, see the Example Queries page.

Demo

In the quick demo below, I cover what Trivy MCP Server can help you achieve. Turn up the volume to hear a running commentary

https://github.com/user-attachments/assets/125791b0-3164-4dcc-8fb3-e45481a9cbf7

License

MIT License - see the LICENSE file for details.