MCP Recipe for Container Vulnerability Scanning.
Pipelines scanned, base images audited, vulnerability records created, remediation tracked: manage your container security without a CSPM tool
Works with every AI agent you already use
…and any MCP-compatible client
How It Works
Your AI agent reads GitLab pipelines: the latest security scan for `api-server` flagged 3 vulnerabilities. It reads the Dockerfile from the repository: the base image is `node:18.15-alpine`, published 14 months ago.
The latest `node:18` LTS is `18.20-alpine`. That is 5 minor versions behind. The agent checks Docker Hub: the production image `acme/api-server:v2.14.3` was built on this stale base.
For the `worker` service, the base image is `python:3.11.4-slim`, which is 8 months old; `3.11.9-slim` is current. It creates Airtable records:
'VUL-001: api-server base image 14 months stale (node:18.15 → 18.20). Severity: High. Owner: @platform. Status: Open.'
'VUL-002: worker base image 8 months stale (python:3.11.4 → 3.11.9). Severity: Medium. Owner: @backend. Status: Open.'
Each record has the image name, current version, latest version, days since last update, and a link to the GitLab pipeline.
The Airtable board becomes your security tracker: filter by severity, filter by owner, track resolution over time.
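The staleness check described above can be sketched as follows. This is an added example, not code from the recipe or from any of the three MCP servers; the function names, the sample Dockerfile, the tag listing with its dates, and the severity cut-offs are all assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample data: a Dockerfile and {tag: publish date} listings of the
# kind a registry tag lookup returns. Dates are made up to match the page's ages.
DOCKERFILE = """\
FROM --platform=linux/amd64 node:18.15-alpine AS build
RUN npm ci
FROM build AS test
FROM scratch
"""
TAGS = {
    "node": {"18.15-alpine": date(2023, 3, 10), "18.20-alpine": date(2024, 4, 5),
             "18.20-slim": date(2024, 4, 5), "20.12-alpine": date(2024, 4, 3)},
    "python": {"3.11.4-slim": date(2023, 9, 10), "3.11.9-slim": date(2024, 4, 3),
               "3.12.3-slim": date(2024, 4, 10), "latest": date(2024, 5, 1)}}

FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I | re.M)
TAG_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(.+))?$")

def base_images(dockerfile):
    """External base images, skipping `scratch` and references to earlier stages."""
    stages, images = set(), []
    for ref, alias in FROM_RE.findall(dockerfile):
        if ref.lower() != "scratch" and ref.lower() not in stages:
            images.append(ref)
        if alias:
            stages.add(alias.lower())
    return images

def split_tag(tag):
    """'18.15-alpine' -> ((18, 15), 'alpine'); None for tags like 'latest'."""
    m = TAG_RE.match(tag)
    return (tuple(map(int, m.group(1).split("."))), m.group(2) or "") if m else None

def staleness(image, today, tags=TAGS):
    repo, _, tag = image.rpartition(":")
    cur = split_tag(tag)
    if cur is None or tag not in tags.get(repo, {}):
        return None  # untagged, digest-pinned or unknown: needs manual review
    # Same release line = same variant, same depth, same leading components.
    line = [t for t in tags[repo] if (v := split_tag(t)) and v[1] == cur[1]
            and len(v[0]) == len(cur[0]) and v[0][:-1] == cur[0][:-1]]
    latest = max(line, key=lambda t: split_tag(t)[0])
    months = (today - tags[repo][tag]).days // 30
    # Severity cut-offs are assumptions; the page does not state its thresholds.
    sev = "High" if months >= 12 else "Medium" if months >= 6 else "Low"
    return {"image": repo, "current": tag, "latest": latest, "months_stale": months,
            "behind": split_tag(latest)[0][-1] - cur[0][-1], "severity": sev}
```

Images that return `None` (no tag, pinned by digest, or absent from the listing) are the ones a version comparison cannot judge, so they should be tracked separately rather than silently treated as current.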
MCP Server Orchestration: 3 MCP Servers, one intelligent agent
Connect GitLab, Docker Hub and Airtable MCP servers so your AI agent reads your GitLab CI pipeline results, audits Docker Hub images for stale base images and known-vulnerable packages, and maintains a vulnerability tracking database in Airtable with severity, remediation status and owner. Security-conscious teams who cannot afford a full CSPM platform get a lightweight container security workflow. No enterprise security tooling required. One prompt and your container security posture is documented.
GitLab
Trigger: Reads CI pipeline security scan results and merge requests
`list_project_pipelines`, `list_merge_requests`, `get_repository_file`, `list_visible_projects`
Docker Hub
Action: Audits image tags, base image age and repository metadata
`list_tags`, `get_tag`, `get_repository`, `list_repositories`
Airtable
Action: Maintains vulnerability tracking records with remediation status
`create_records`, `list_records`, `get_record`, `list_bases`
Run This Automation Today
Connect Claude, ChatGPT, Cursor, or any AI agent to the Vinkius catalog and run this automation in minutes.
Build Your Own MCP
Turn any internal API into an MCP server. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Connect & Automate
The 3 servers this recipe uses are ready in the catalog. Connect them once, paste a prompt, and your AI runs the full workflow.
- GitLab, Docker Hub & Airtable ready in the catalog right now
- Add more from 4,700+ servers whenever you need
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers and recipes added every week
Superpowers you didn't know your AI had
The Vinkius catalog gives your agent access to 4,700+ MCP servers and the intelligence to combine them. Imagine never logging into another dashboard. Your AI handles the work across every tool, in one conversation. That's what this infrastructure was built for.
Cross-Platform Intelligence
Your agent doesn't just connect to tools. It understands the relationships between them. Data flows where it needs to go, automatically, with full context preserved across every platform.
Contextual Reasoning
Every decision your agent makes considers the full picture. It reads CRM data, checks calendars, reviews conversation history, and acts on everything at once. Not step by step. All at once.
Productivity at Scale
What used to take 45 minutes across five different dashboards now takes one sentence. Your agent runs the entire workflow end to end while you focus on decisions that actually matter.
Zero-Config Reliability
No API keys to paste. No webhooks to configure. No YAML to debug. Connect your MCP servers once, and your agent handles the rest. Every time, without intervention.
Made for exactly this
Your AI agent taps into the entire Vinkius MCP catalog to handle these for you. You describe what you need. It does the rest.
- Engineering teams who need container security auditing but cannot justify the cost of enterprise CSPM tools like Snyk or Prisma Cloud
- Platform engineers responsible for base image updates who need automated staleness detection across all services
- Compliance officers who need documented vulnerability tracking with remediation timelines for audit purposes
- Small security teams who need a lightweight vulnerability management workflow without building a custom dashboard
Frequently Asked Questions About This MCP Server Orchestration
Which MCP servers do I need for this workflow?
Three: GitLab, Docker Hub and Airtable. Connect all three to your AI client.
Does this work with Claude Desktop, Cursor or Windsurf?
Yes. Any AI client that supports the Model Context Protocol works: Claude Desktop, Cursor, Windsurf, Cline and others.
Can I use GitHub instead of GitLab?
Yes. Replace the GitLab MCP server with the GitHub MCP server. The agent reads Dockerfiles and CI results from GitHub instead.
Does this replace a vulnerability scanner like Snyk?
It complements scanners by providing base image staleness detection and remediation tracking. For CVE-level scanning, pair with a dedicated scanner.
Can I use Google Sheets instead of Airtable?
Yes. Replace the Airtable MCP server with Google Sheets. You lose the structured database view but gain spreadsheet flexibility.
How often should I run the audit?
Weekly is a good cadence. Base images do not change daily, but vulnerabilities are disclosed regularly. A weekly audit catches new staleness before it becomes critical.
MCP servers used in this workflow
GitLab
GitLab MCP Server connects your entire development ecosystem to your AI client. Use it to list projects, check CI/CD pipeline status, track open issues, and read file contents across your entire GitLab instance. It lets your agent manage the full DevSecOps lifecycle—from initial issue creation to final deployment—all via natural conversation. It's your central hub for project metadata and code visibility.
Docker Hub
Docker Hub MCP Server lets you manage all your container images directly through your AI agent. You can list repositories, search community images, check available tags, and even create or update your own repos without opening the website. It gives your agent the ability to act as a dedicated container registry assistant for full image lifecycle control.
Airtable
Airtable connects your structured data bases to your AI agent. Use it to query records, read schemas, update spreadsheets, and build automated workflows directly through chat. You can list bases, query specific records, or bulk-add data without leaving your chat client.