Tracecat

Snyk MCP server

Run Snyk SAST, SCA, IaC, container, and SBOM scans from your AI agents.

AppSec
stdio

About

Connect Tracecat to Snyk so that AppSec engineers and engineering agents shipping new code can scan code, dependencies, containers, and infrastructure. You can run SCA against a manifest or Snyk Code against a source directory and weigh the results side by side. From there, scan container images, generate SBOMs and AI BOMs, and check package health.

Setup

  1. Sign in with OAuth

    You'll authorize Tracecat to access Snyk on your behalf. No API keys to manage.

  2. Select the Snyk tile in the Tracecat MCP catalog

    Open the MCP catalog in your workspace, select the Snyk tile, and complete the OAuth flow.

  3. Enable Snyk in your agent

    In your ai.agent action or Agents tools tab, select Snyk from the MCP integrations dropdown.

Tools

snyk_sca_scan

Run a Snyk Open Source SCA scan against a project's dependency manifests.

snyk_code_scan

Run a Snyk Code SAST scan against a source directory.

snyk_iac_scan

Scan Terraform, CloudFormation, Kubernetes, or Helm for IaC misconfigurations.

snyk_container_scan

Scan a container image for OS and application vulnerabilities.

snyk_sbom_scan

Generate or scan a software bill of materials in CycloneDX or SPDX.

snyk_aibom

Generate an AI bill of materials for an AI or ML project.

snyk_package_health_check

Check the health, license, and risk profile of an open source package.

snyk_auth

Start an interactive Snyk auth flow from inside the agent.

snyk_logout

Clear local Snyk credentials.
