Trivy MCP
Official Aqua Security Trivy plugin that turns Trivy scanning capabilities into an MCP server. Distributed as a Trivy plugin: `trivy plugin install mcp`. Three transport modes (stdio, streamable HTTP, SSE), IDE integration for VS Code, Cursor, JetBrains, and Claude Desktop.
“Official Aqua Security plugin that turns Trivy scanning capabilities into an MCP server. Distributed as a Trivy plugin (`trivy plugin install mcp`), so installation is one command for teams already running Trivy. 21 releases shipped over the project's first year. Star count and recent commit cadence are low; treat as a stable vendor surface; mature feature set with low-cadence maintenance. Optional integration with Aqua Platform for assurance policy compliance for paid Aqua customers. Trivy is the de facto open-source vulnerability scanner for containers, IaC, and SBOM generation. The MCP plugin lets agents ask security questions in natural language (filesystem scans, container image scans, remote repository analysis). Three transport modes: stdio, streamable HTTP, and SSE. Integrates with VS Code, Cursor, JetBrains IDEs, and Claude Desktop.”
INSTALL THIS SERVER
```json
{
  "mcpServers": {
    "trivy": {
      "command": "trivy",
      "args": [
        "mcp"
      ]
    }
  }
}
```
4 TOOLS AVAILABLE
OUR ASSESSMENT
- Official Aqua Security org publication.
- MIT license.
- Trivy plugin distribution: `trivy plugin install mcp` is one command.
- 21 releases shipped (the highest count among security entries in this batch).
- Three transport modes (stdio, streamable HTTP, SSE).
- IDE integration documented for VS Code, Cursor, JetBrains, and Claude Desktop.
- Optional Aqua Platform integration for assurance policies.
- 37 stars; community traction is modest.
- Latest release December 2025, 0 commits in the last 30 days. Active development has paused.
- 0.0.x version line suggests the API surface is still pre-1.0.
- Requires Trivy installed on the host as a prerequisite.
Trivy scans operate locally on the host filesystem and on container images pulled to the host. The MCP server inherits Trivy scanning capabilities while keeping scan results local to the host. For Aqua Platform integration, an Aqua-issued credential authenticates the MCP server to the Aqua Platform. Scanning results may include sensitive paths, package versions, and CVE details; treat scan output as sensitive metadata.
Teams already running Trivy in CI for vulnerability scanning, DevSecOps workflows where the agent runs scans during development alongside PR-time CI, and Aqua Platform customers wanting LLM access to assurance policy compliance.
TECHNICAL DETAILS
ADOPTION METRICS
// Reading this: 37 stars; the editorial weight is the official aquasecurity org publication and the 21 release tags shipped.
// Reading this: Second-ranked in security category. Pair with Infisical for a baseline DevSecOps + secrets coverage.
SOURCES & VERIFICATION
We don't take any single directory's word for it. Before scoring, we cross-reference 5 public MCP sources, install the server ourselves against the clients we cover, and record when we last re-verified.
The same server, 5 different lenses. We reconcile these signals into our editorial score, which is why our number sometimes diverges from a directory-aggregate star count.
| Source | Their rating | Their star count | Their downloads | Last synced |
|---|---|---|---|---|
| AutomationSwitch (this page) | 3.8 (editorial) | 37 | — | APR 29, 2026 |
| PulseMCP | — unrated | unavailable | unavailable | APR 29, 2026 |
| MCP.so | — unrated | unavailable | unavailable | APR 29, 2026 |
| Glama | — unrated | unavailable | unavailable | APR 29, 2026 |
| Smithery | — unrated | unavailable | unavailable | APR 29, 2026 |
| Official MCP Registry | — unrated | unavailable | unavailable | APR 29, 2026 |
// Counts are directory-reported; we don't adjust them. Discrepancies usually come from different snapshot times or star-caching.
OTHER SECURITY MCP SERVERS
Prowler MCP
Cloud Security Posture Management (CSPM) platform with 1000+ security checks across multiple cloud providers and 70+ compliance frameworks, exposed through MCP. Three deployment options: Prowler Cloud (recommended), local stdio, self-hosted HTTP. 13,717 stars, Apache-2.0.
CrowdStrike Falcon MCP
Official CrowdStrike Falcon MCP server. Connect AI agents to CrowdStrike Falcon for automated security analysis and threat hunting. 148 stars and 8 commits on main in the last 30 days.
Auth0 MCP Server
Official Auth0 MCP server connecting Claude, Cursor, Windsurf, VS Code, and Gemini to Auth0 Management APIs. Create apps, deploy Actions, debug logs, and query users with natural-language commands. Read-only mode and tool-glob filtering supported. Beta software per Auth0.
HashiCorp Vault MCP
Official HashiCorp MCP for Vault: secrets, mounts, KV, and PKI management with stdio and Streamable HTTP transports. 9 commits on main in the last 30 days. MPL-2.0 with HashiCorp official-vendor signal.
AWS IAM MCP
Official AWS Labs MCP for IAM administration: users, roles, groups, policies, inline policies, access keys, and policy simulation. Read-only mode supported via --allow-write opt-in pattern. Apache-2.0 within awslabs/mcp monorepo.
AWS CloudTrail MCP
Official AWS Labs MCP for CloudTrail: 90 days of management events via lookup_events and Trino-compatible SQL queries against CloudTrail Lake Event Data Stores. 3 commits on the server path in the last 30 days. Pairs with the IAM MCP for security audit workflows.