T

Trivy

Scan images and repos for vulnerabilities with Trivy.

·No reviews yet
Repo
Share:

About

Auto-generated

Trivy is a Model Context Protocol server in the Developer Tools category. It lets AI assistants that speak MCP call its tools and read its resources over STDIO.

Example tools

Illustrative tool names — the actual tool set is defined by the server at runtime.

list_resources
Enumerate resources exposed by this MCP
get_resource
Fetch a resource by ID
invoke
Invoke the primary action of this MCP

Screenshots

No screenshots yet.

Frequently Asked Questions

Common questions about Trivy.

What is the primary function of the Trivy MCP?
The Trivy MCP allows users to scan container images and code repositories for security vulnerabilities. It identifies known issues in dependencies and operating system packages to help secure your software supply chain.
How can I install the Trivy MCP in a client such as Cursor?
Installation in clients like Cursor typically involves navigating to the MCP client's extension or plugin marketplace. Search for 'Trivy' and follow the prompts to add it to your environment. Specific steps may vary by client.
Does the Trivy MCP require API keys or other credentials?
No, the Trivy MCP does not require API keys or other credentials for its core functionality. It operates locally or communicates via standard I/O, as indicated by its 'none' authentication type and 'stdio' transport.
What are the key capabilities exposed by the Trivy MCP?
The Trivy MCP primarily provides vulnerability scanning capabilities for container images and source code repositories. It leverages the underlying Trivy tool to detect a broad range of security issues and misconfigurations.
Is there a cost associated with using the Trivy MCP?
The Trivy MCP itself operates on the open-source Trivy project, making its use generally free. However, any associated infrastructure costs for running scans or storing results would depend on your specific deployment environment.
What are some limitations of using the Trivy MCP?
A realistic limitation is that it relies on publicly available vulnerability databases, which may not always include the very latest or proprietary security intelligence. Its effectiveness also depends on maintaining up-to-date vulnerability data.

Install Trivy

Claude Desktop

Add this to claude_desktop_config.json.

{
  "mcpServers": {
    "trivy": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-trivy"
      ]
    }
  }
}

Cursor

Add this to ~/.cursor/mcp.json.

{
  "mcpServers": {
    "trivy": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-trivy"
      ]
    }
  }
}

VS Code

Add this to your workspace settings.json.

{
  "mcp.servers": {
    "trivy": {
      "type": "stdio",
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-trivy"
      ]
    }
  }
}

Reviews

Sign in to leave a review.

No reviews yet. Be the first!

Discussion(0)

Sign in to join the discussion.

No comments yet.