trivy

Runs local Trivy scans for container image vulnerabilities, Infrastructure-as-Code security checks, and generates Software Bill of Materials (SBOM).

Add to Your Project

Copy this JSON into your .mcp.json to enable this server

Add to your .mcp.json:

{
  "mcpServers": {
    "trivy": {
      "command": "npx",
      "args": [
        "-y",
        "@aquasecurity/trivy-mcp"
      ]
    }
  }
}

Review these signals before enabling this server

External connections

This server connects to external services. Review the URLs it accesses before enabling.

Server configuration and connection parameters

Commandnpx

Command-line arguments passed to the server process

-y@aquasecurity/trivy-mcp

Stats

LanguagePython

Stars45

Forks8

MaintenanceExcellent

Last CommitMay 23, 2026

Actions

Stats

Actions