{
"manifest_version": "0.3",
"name": "Snyk Security",
"version": "1.1302.1",
"description": "Easily find and fix security issues in your applications by leveraging the Snyk platform's capabilities.",
"long_description": "Snyk MCP enables AI assistants to perform comprehensive security scanning on code, dependencies, infrastructure, and containers. Integrate Snyk's security capabilities directly into your AI-assisted development workflow to proactively identify and fix vulnerabilities during code generation and review.\n\nSupported scanning types:\n- **SAST (Static Application Security Testing)**: Analyze source code for security vulnerabilities\n- **SCA (Software Composition Analysis)**: Detect vulnerabilities in open source dependencies\n- **IaC (Infrastructure as Code)**: Find security misconfigurations in cloud infrastructure\n- **Container Security**: Scan container images for vulnerabilities\n- **SBOM/AIBOM**: Generate and test Software/AI Bills of Materials",
"author": {
"name": "Snyk",
"url": "https://snyk.io"
},
"homepage": "https://snyk.io",
"documentation": "https://docs.snyk.io",
"support": "https://support.snyk.io",
"icon": "icon.png",
"server": {
"type": "node",
"entry_point": "node_modules/snyk/bin/snyk",
"mcp_config": {
"command": "${__dirname}/node_modules/snyk/bin/snyk",
"args": [
"mcp",
"-t",
"stdio"
],
"env": {
"SNYK_TOKEN": "${user_config.snyk_token}"
}
}
},
"user_config": {
"snyk_token": {
"type": "string",
"title": "Snyk API Token",
"description": "Optional. Authenticate interactively using the snyk_auth tool (recommended), or paste your Snyk API token from https://app.snyk.io/account as a fallback.",
"sensitive": true,
"required": false
}
},
"tools": [
{
"name": "snyk_version",
"description": "Displays the installed Snyk CLI version."
},
{
"name": "snyk_auth",
"description": "Authenticates the user with Snyk by storing an API token locally."
},
{
"name": "snyk_logout",
"description": "Logs out of the current Snyk account by clearing the locally stored authentication token."
},
{
"name": "snyk_trust",
"description": "Trusts a given folder to allow Snyk to scan it."
},
{
"name": "snyk_code_scan",
"description": "Performs Static Application Security Testing (SAST) by analyzing source code to identify security vulnerabilities without executing the code."
},
{
"name": "snyk_sca_scan",
"description": "Analyzes projects for open-source vulnerabilities and license compliance issues by inspecting manifest files to understand dependencies and querying the Snyk vulnerability database."
},
{
"name": "snyk_iac_scan",
"description": "Analyzes Infrastructure as Code (IaC) files for security misconfigurations across Terraform, Kubernetes, CloudFormation, and ARM templates."
},
{
"name": "snyk_container_scan",
"description": "Scans container images for known vulnerabilities in OS packages and application dependencies."
},
{
"name": "snyk_sbom_scan",
"description": "Analyzes an existing SBOM file for known vulnerabilities in its open-source components."
},
{
"name": "snyk_aibom",
"description": "Generates an AI Bill of Materials (AIBOM) for Python software projects in CycloneDX format, identifying AI models, datasets, and tools."
},
{
"name": "snyk_send_feedback",
"description": "Reports the delta of Snyk issues prevented or fixed during a session for tracking security improvements."
}
],
"tools_generated": true,
"prompts": [
{
"name": "security_code_review",
"description": "Perform a security-focused code review",
"arguments": ["path"],
"text": "Use the snyk_code_scan tool to scan ${arguments.path} for security vulnerabilities. Identify any issues found and suggest fixes."
},
{
"name": "scan_dependencies",
"description": "Scan project dependencies for security vulnerabilities",
"arguments": ["path"],
"text": "Use the snyk_sca_scan tool to scan ${arguments.path} for dependency vulnerabilities. Report any critical or high severity issues found."
},
{
"name": "fix_vulnerabilities",
"description": "Scan and fix security vulnerabilities in the project",
"arguments": ["path"],
"text": "Use the snyk_code_scan and snyk_sca_scan tools to scan ${arguments.path} for security vulnerabilities, then automatically fix any issues that have available remediation."
}
],
"keywords": [
"security",
"sast",
"sca",
"iac",
"container",
"vulnerability",
"scanning",
"devsecops",
"ai"
],
"license": "Apache-2.0",
"privacy_policies": ["https://snyk.io/policies/privacy/"],
"repository": {
"type": "git",
"url": "https://github.com/snyk/studio-mcp"
}
}