This plugin starts a Model Context Protocol (MCP) server that integrates Trivy's security scanning capabilities with VS Code and other MCP-enabled tools.

• Natural Language Scanning: Ask questions about security issues in natural language
• Multiple Scan Types:
  • Filesystem scanning for local projects
  • Container image vulnerability scanning
  • Remote repository security analysis
• Integration with Aqua Platform: Optional integration with Aqua Security's platform for enhanced scanning capabilities and assurance policy compliance
• Flexible Transport: Support for both stdio and SSE (Server-Sent Events) transport protocols
• IDE Integration: Seamless integration with VS Code, Cursor, JetBrains IDEs, and Claude Desktop

trivy plugin install mcp

trivy mcp

For comprehensive documentation, please see the docs directory:

• Installation Guide
• Quick Start Guide
• Configuration Options
• IDE Integration
  • VS Code
  • Cursor
  • JetBrains IDE
  • Claude Desktop
• Example Queries
• Authentication

After setting up the plugin and configuring your IDE, you can start asking security-related questions:

Are there any vulnerabilities or misconfigurations in this project?

For more examples, see the Example Queries page.

In the quick demo below, I cover what Trivy MCP Server can help you achieve. Turn up the volume to hear a running commentary

MIT License - see the LICENSE file for details.