AUTOMATIONSWITCH

Trivy MCP

by Aqua Security

Official Aqua Security Trivy plugin that turns Trivy scanning capabilities into an MCP server. Distributed as a Trivy plugin: `trivy plugin install mcp`. Three transport modes (stdio, streamable HTTP, SSE), IDE integration for VS Code, Cursor, JetBrains, and Claude Desktop.

37 stars · 4 tools · Released APR 2025 · MIT
trivy plugin install mcp

Official Aqua Security plugin that turns Trivy's scanning capabilities into an MCP server. Distributed as a Trivy plugin (trivy plugin install mcp), so installation is one command for teams already running Trivy. 21 releases shipped over the project's first year. Star count and recent commit cadence are low; treat it as a stable vendor surface with a mature feature set and low-cadence maintenance. Optional integration with Aqua Platform provides assurance policy compliance for paid Aqua customers. Trivy is the de facto open-source vulnerability scanner for containers, IaC, and SBOM generation. The MCP plugin lets agents ask security questions in natural language (filesystem scans, container image scans, remote repository analysis). Three transport modes: stdio, streamable HTTP, and SSE. Integrates with VS Code, Cursor, JetBrains IDEs, and Claude Desktop.

Reviewed by M. Nouriel · APR 2026

INSTALL THIS SERVER

{
  "mcpServers": {
    "trivy": {
      "command": "trivy",
      "args": ["mcp"]
    }
  }
}
Prereq: Requires Trivy installed on the host. Install the MCP plugin: `trivy plugin install mcp`. Then run `trivy mcp` to start the server. For Aqua Platform integration, configure Aqua Platform credentials per the Trivy MCP authentication docs. Path: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS).

4 TOOLS AVAILABLE

  • filesystem_scan (Read): Vulnerability and misconfiguration scan of a local directory
  • container_image_scan (Read): Scan an OCI container image (local or remote registry)
  • remote_repository_scan (Read): Scan a remote git repository for vulnerabilities and misconfigurations

OUR ASSESSMENT

Strengths
  • Official Aqua Security org publication.
  • MIT license.
  • Trivy plugin distribution: trivy plugin install mcp is one command.
  • 21 releases shipped (the highest count among security entries in this batch).
  • Three transport modes (stdio, streamable HTTP, SSE).
  • IDE integration documented for VS Code, Cursor, JetBrains, and Claude Desktop.
  • Optional Aqua Platform integration for assurance policies.
Weaknesses
  • 37 stars; community traction is modest.
  • Latest release December 2025, 0 commits in the last 30 days. Active development has paused.
  • 0.0.x version line suggests the API surface is still pre-1.0.
  • Requires Trivy installed on the host as a prerequisite.
Security Notes

Trivy scans operate locally on the host filesystem and on container images pulled to the host. The MCP server inherits Trivy's scanning capabilities while keeping scan results local to the host. For Aqua Platform integration, an Aqua-issued credential authenticates the MCP server to the Aqua Platform. Scan results may include sensitive paths, package versions, and CVE details; treat scan output as sensitive metadata.

Best For

Teams already running Trivy in CI for vulnerability scanning, DevSecOps workflows where the agent runs scans during development alongside PR-time CI, and Aqua Platform customers wanting LLM access to assurance policy compliance.

TECHNICAL DETAILS

Language: go
Transport: stdio, streamable-http, sse
Clients: Claude Desktop, Claude Code, Cursor, VS Code, Windsurf
License: MIT
GitHub: trivy-mcp
npm: trivy-mcp
Last Release: v0.0.20 (DEC 17, 2025)
First Released: APR 24, 2025

ADOPTION METRICS

// GitHub Stars
37

// Reading this: 37 stars; the editorial weight is the official aquasecurity org publication and the 21 release tags shipped.

// Popularity Rank
#22
Globally · #2 in Security

// Reading this: Second-ranked in the security category. Pair with Infisical for baseline DevSecOps + secrets coverage.

SOURCES & VERIFICATION

We don't take any single directory's word for it. Before scoring, we cross-reference 5 public MCP sources, install the server ourselves against the clients we cover, and record when we last re-verified.

01 Discovered: Manual submission. First indexed APR 29, 2026.
02 Cross-referenced: 5 directories (PulseMCP, MCP.so, Glama, Smithery, Official MCP Registry).
03 Verified against: Claude Desktop, Cursor, VS Code, JetBrains IDEs. Installed and tested across clients.
04 Last re-checked: APR 29, 2026. Weekly re-verification.
// How other directories see it

The same server, 5 different lenses. We reconcile these signals into our editorial score, which is why our number sometimes diverges from a directory-aggregate star count.

Source                  | Their rating    | Their star count | Their downloads | Last synced
AutomationSwitch (this page) | 3.8 (editorial) | 37               | unavailable     | APR 29, 2026
PulseMCP                | unrated         | unavailable      | unavailable     | APR 29, 2026
MCP.so                  | unrated         | unavailable      | unavailable     | APR 29, 2026
Glama                   | unrated         | unavailable      | unavailable     | APR 29, 2026
Smithery                | unrated         | unavailable      | unavailable     | APR 29, 2026
Official MCP Registry   | unrated         | unavailable      | unavailable     | APR 29, 2026

// Counts are directory-reported; we don't adjust them. Discrepancies usually come from different snapshot times or star-caching.
