- Home
- MCP servers
- Trivy
Trivy
- python
10
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
You can run a Python-based MCP server that uses Trivy to scan your projects for security vulnerabilities and automatically apply safe fixes. This MCP server exposes two tools for scanning and patching, and it integrates with Cursor IDE to streamline security checks as you work.
How to use
You interact with the Trivy MCP Server through an MCP client. The server offers two main tools: scan_project and fix_vulnerability. Use scan_project to scan a workspace directory for vulnerabilities, and use fix_vulnerability to update a vulnerable package to a secure version. Start by connecting your MCP client to the server transport you prefer, then run the available tools to manage your project’s security posture.
Practical usage patterns you can follow:
- Start the server and connect your MCP client via the SSE transport on port 54321.
- Use
scan_projectto analyze a specific workspace when you begin work on a project or after dependency changes. - If the scanner reports a vulnerability with a safe target version, run
fix_vulnerabilityto apply the update in your project and re-scan to verify the fix.
How to install
Prerequisites you need before installation:
- Python 3.12 or higher
- Trivy installed on your system
- A development environment where you can create and activate a Python virtual environment
# Create and activate virtual environment
python -m venv .venv
source .venv/bin/activate
# Install dependencies
pip install -r requirements.txt
Start the server using the SSE transport on port 54321. This establishes the MCP connection for your client.
python server.py --transport sse --port 54321
Additional notes
The MCP server includes two explicit endpoints for interaction:
- HTTP endpoint:
http://127.0.0.1:54321/ssefor clients configured to connect over HTTP - STDIO startup: you can run the server locally with the Python command shown above, which uses the standard I/O transport There are two tools exposed by the server:
scan_project: scans a directory for security vulnerabilitiesfix_vulnerability: updates a vulnerable package to a secure version No environment variables are required by default, but you can add them if you need to customize behavior or integration.
Tools and endpoints
The server provides two tools to manage security checks during development.
- scan_project: Scans a directory for security vulnerabilities. Required argument:
workspace- the directory path to scan - fix_vulnerability: Updates a vulnerable package to a secure version. Required arguments:
workspace,pkg_name,target_version
Available tools
scan_project
Scans a directory for security vulnerabilities and reports issues found by Trivy.
fix_vulnerability
Updates a vulnerable package to a secure version based on the scanner's recommendations.