# Snyk MCP Connector MCP

> Snyk MCP connects your entire security dashboard directly to your AI agent. Diagnose code vulnerabilities, track project metadata, and investigate specific CVE reports without leaving your editor. Stop jumping through tabs; ask your AI client about your full organizational vulnerability footprint in plain language.

## Overview
- **Category:** fort-knox
- **Price:** Free
- **Tags:** code-security, cve-scanning, devsecops, container-security, dependency-analysis, vulnerability-management

## Description

Dealing with security issues means constant context switching. You pull up the Snyk dashboard, then open your IDE, then check Jira—just to find out if a build failure was caused by an outdated dependency or a configuration gap. This MCP changes that. It lets your AI agent talk directly to your full vulnerability data set. Instead of navigating complex dashboards and searching reports manually, you ask questions like, 'What critical flaws exist in my core backend?' The AI runs the query across all your projects and immediately gives you an actionable summary. If you’re building a workflow that relies on external services, knowing where to find secure tooling matters; connecting this security data via Vinkius's catalog makes it simple. You can check which dependencies are causing problems, review organizational members, or even pull the latest billing usage stats—all from a single natural language prompt.

## Tools

### get_billing_info
Provides the latest billing details and financial information for your organization.

### get_issue_details
Retrieves specific remediation steps and technical details for one identified security issue.

### get_project_details
Retrieves detailed information about a single, named project.

### get_usage_stats
Retrieves current usage statistics, like scan counts or resource consumption totals.

### list_integrations
Displays all external services currently connected and feeding data into your account.

### list_issues
Shows all security issues associated with a particular project codebase.

### list_organization_members
Lists every member of the current Snyk organization.

### list_organizations
Gets a list of all Snyk organizations linked to your account.

### list_projects
Lists every project active within a specific organization.

## Prompt Examples

**Prompt:** 
```
Check Snyk and summarize all critical security vulnerabilities currently found in the main backend project.
```

**Response:** 
```
I scanned 'Core Backend' (ID: `a1b2c3`) using the `list_issues` action path. You have **2 Critical Issues** flagged:

1. **Arbitrary File Write via Archive Extraction (Zip Slip)** - Found in `adm-zip@0.4.11` 
2. **Prototype Pollution** - Found in `lodash@4.17.15`

Would you like me to inspect 'Prototype Pollution' using `get_issue_details` to view the recommended fix paths?
```

**Prompt:** 
```
Display our organization's current integration links on Snyk. What are we attached to?
```

**Response:** 
```
Triggering the `list_integrations` routine... 
Your organization (`org_123_abc`) has 3 active pipelines feeding into Snyk:
- **GitHub Enterprise** (Source Control)
- **AWS ECR** (Container Registry)
- **Slack** (Alert Hook Notification)

All connections appear functional on the organizational tier.
```

**Prompt:** 
```
Draw a markdown table checking the team member roles in the DevOps organization.
```

**Response:** 
```
I've pulled the organizational data through `list_organization_members` for the **DevOps Core** tenant:

| Member Name | Associated Email | Snyk Role |
| --- | --- | --- |
| Alex Mercer | a.mercer@company.co | `Admin` |
| Sarah Chen | s.chen@company.co | `Collaborator` |
| Marc Johnson | m.johnson@company.co | `Viewer` |

Total count: 3 members mapped directly.
```

## Capabilities

### Discover Codebases and Configurations
Find all application projects within your organization and retrieve specific details about their current setup.

### Analyze Flaws and Fixes
Instantly list known security issues for a project, then fetch detailed remediation steps for any single flaw you identify.

### Audit Organizational Structure
List all organizations connected to Snyk, view who belongs to them, and see the roles of every team member.

### Monitor System Health
Check active integrations feeding data into your account or retrieve current usage statistics and billing limits.

## Use Cases

### Debugging a Failed Container Build
A developer notices a container build failed and suspects an outdated dependency. They ask their agent to run `list_issues` for the project, which immediately flags the specific faulty package version, allowing them to patch it without deep manual searching.

### Onboarding a New Team Member
The system admin needs to verify permissions for a new hire. They ask their agent to run `list_organization_members`, quickly generating a table view of all current users and verifying the necessary roles before granting access.

### Pre-Merge Code Review
A security engineer needs to approve a PR. They instruct their agent to check for critical CVEs using `get_issue_details` on a specific flaw, getting the exact recommended fix path directly into their review notes.

### Quarterly Budget Review
The operations lead needs to check compliance and costs. They ask the agent for `get_billing_info` and `get_usage_stats`, getting a summarized report that confirms they haven't exceeded their scan cap.

## Benefits

- Stop manually checking the Snyk UI. You can now query specific flaw details using `get_issue_details` and get actionable remediation steps instantly within your chat window.
- Audit team membership efficiently. Instead of navigating roles in a dashboard, ask for an organizational member list using `list_organization_members` to see everyone's role at a glance.
- Know exactly what you’re paying for. Use `get_usage_stats` and `get_billing_info` to pull current usage limits and billing details without logging into the finance section.
- See your whole software landscape in one view. Listing projects using `list_projects` helps you map out every active codebase across all connected organizations.
- Maintain full visibility on infrastructure connections. Use `list_integrations` to see every tool—like GitHub or AWS ECR—that is actively feeding data into Snyk.

## How It Works

The bottom line is that you talk naturally about complex security data and get structured answers back instantly.

1. Subscribe to this MCP connection and provide your personal Snyk API token.
2. Connect your AI client (Claude, Cursor, etc.) to the Vinkius Marketplace.
3. Ask your agent a specific security question, like 'Show me all critical issues in Project X.' The agent executes the necessary query.

## Frequently Asked Questions

**How do I find all my services using Snyk MCP?**
You use `list_projects` to get a comprehensive list of every single codebase. This helps you map out your entire software footprint quickly.

**Can I check who the system admins are using Snyk MCP?**
Yes, running `list_organization_members` provides a clean table showing all members and their associated roles within the organization.

**Does Snyk MCP help with billing questions?**
Absolutely. You can query both `get_usage_stats` for current consumption metrics and `get_billing_info` to get detailed financial reports without logging into the finance section.

**How do I find vulnerability details using Snyk MCP?**
First, run `list_issues` on a project ID. Then, use `get_issue_details` with the specific flaw's ID to get detailed remediation steps.

**What if I want to see what services are connected?**
Use `list_integrations`. This tool displays all external pipelines—like GitHub or AWS ECR—that are currently feeding data into your account, confirming connectivity health.