Supports scanning and fixing vulnerable dependencies in Node.js projects.
Supports scanning and fixing vulnerable dependencies in Python projects.
Supports scanning and fixing vulnerable dependencies in Ruby projects.
Provides security scanning capabilities for projects, automatically scanning directories for vulnerabilities and offering automated fixes to update vulnerable dependencies to secure versions across multiple package managers.
A Model Context Protocol (MCP) server that provides Trivy security scanning capabilities through a standardized interface.
⚠️ Note: This is a proof of concept project to demonstrate the integration capabilities between MCP, Cursor IDE, and Trivy. It's intended for experimentation and learning purposes only and is not production-ready. Use at your own risk.
🔍 Project Scanning: Automatically scan your project directory for security vulnerabilities using Trivy
🛠️ Automated Fixes: Automatically update vulnerable dependencies to secure versions
📦 Multi-Package Support: Handles multiple package managers (Python, Node.js, Ruby, Go)
Python 3.12 or higher
Trivy installed on your system:
Start the server using SSE transport:
The server exposes two tools:
scan_project: Scans a directory for security vulnerabilities
Required argument: workspace - The directory path to scan
fix_vulnerability: Updates a vulnerable package to a secure version
Required arguments:
workspace - The directory to modify
pkg_name - Name of the package to update
target_version - Version to update to
Start the server with SSE transport:
Configure in Cursor:
Open Settings
Go to Features > MCP Servers
Add: http://127.0.0.1:54321/sse
Add the following to your .cursorrules file, create it if you don't have one yet:
This configuration will:
Automatically trigger a security scan when any dependency file is modified
Help identify vulnerabilities as soon as new dependencies are added
Ensure your project stays secure throughout development
if you want to use the tool manually, you can use prompt the agent to use the tool with the following prompt through the composer interface:
MCP (Model Context Protocol) exists to solve a fundamental problem in working with large language models (LLMs): how to efficiently and consistently connect these models to external data sources and tools.
Learn more at modelcontextprotocol.io.
Contributions are welcome! Please feel free to submit a Pull Request.
MIT License
This server cannot be installed
local-only server
The server can only run on the client's local machine because it depends on local resources.
Provides Trivy security scanning capabilities through a standardized interface, allowing users to scan projects for vulnerabilities and automatically fix them by updating dependencies.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/norbinsh/cursor-mcp-trivy'
If you have feedback or need assistance with the MCP directory API, please join our Discord server