@symbioticsec/symbiotic-mcp-server

v1.0.1

Published

18 days ago

Symbiotic CLI MCP Server for security scanning and analysis

Downloads

378

0High
0Medium
0Low

symbioticsec

symbiotic mcp security scanning trivy opengrep cursor claude ai model-context-protocol

Symbiotic MCP Server

A Model Context Protocol (MCP) server for security analysis using Symbiotic CLI

Description

This server exposes security analysis tools via the MCP protocol for any MCP-compatible client. It allows scanning code and infrastructure files without affecting your workspace.

Available Tools

code_scan_files - Static code analysis
infra_scan_files - Infrastructure security scanning
security_scan_files - Comprehensive security scan (code + infrastructure)
get_supported_languages - List of supported programming languages

Cursor Integration

Setting up the Security Review Command

Create a .cursor directory in your project root if it doesn't exist
Create or update .cursor/commands/security-review.md with the contents of security-review.md

Using the Command

Open the chat panel in Cursor (Cmd+L or Ctrl+L)
Type /security-review followed by optional file paths or glob patterns
The command will perform a comprehensive security analysis, including:
- Scanning selected files or the entire workspace
- Analyzing for security vulnerabilities
- Triaging findings and filtering false positives
- Providing a detailed report with severity levels and remediation suggestions
- Offering to apply automatic fixes for identified issues

Installation

Install symbiotic-cli

https://github.com/SymbioticSec/cli/releases

Get API token

Create an account on Symbiotic Security and retrieve your API token.

Build and start

Clone this repository and install dependencies:

npm install
npm run build

MCP Configuration

In VSCode, open MCP: Open User Configuration and add in servers:

{
 "servers": {
  "symbiotic-security": {
       "command": "node",
      "args": ["path/to/build/index.js"],
      "env": {
        "SYMBIOTIC_API_TOKEN": "your_token_here",
    }
  },
}

Configuration for other MCP clients may vary but generally follows the same structure.

{
  "mcpServers": {
    "symbiotic-security": {
      "command": "node",
      "args": ["path/to/build/index.js"],
      "env": {
        "SYMBIOTIC_API_TOKEN": "your_token_here"
      }
    }
  }
}

Important environment variables:

SYMBIOTIC_API_TOKEN (required) - Your Symbiotic API token

Note: Configuration file name and location may vary depending on your MCP client.

Transport Modes

STDIO (default) - Standard communication for MCP
SSE - Server-Sent Events over HTTP
Streamable HTTP - HTTP with /mcp endpoint

# STDIO (default)
node build/index.js

# HTTP server on port 9593
SERVER_PORT=9593 node build/index.js

Authentication

The server requires a valid Symbiotic Security API token. Configuration is done via MCP environment variables.

Minimal required configuration:

"env": {
  "SYMBIOTIC_API_TOKEN": "your_token_here"
}

How It Works

Receives code files via MCP
Creates temporary files
Executes symbiotic-cli
Automatic cleanup of temporary files
Returns formatted results