scanrook-mcp
v1.0.0
Published
MCP server for ScanRook vulnerability scanning
Maintainers
Readme
ScanRook MCP Server
An MCP (Model Context Protocol) server that gives AI assistants vulnerability scanning capabilities via ScanRook.
Tools
| Tool | Description |
|------|-------------|
| scan_image | Scan a Docker/OCI image for vulnerabilities |
| scan_status | Check scan progress and results |
| get_findings | Get detailed vulnerability findings |
| search_cve | Look up a specific CVE |
| list_scans | List recent scans |
| analyze_licenses | Check license compliance |
| compare_scans | Compare findings between two scans |
| check_package | Check a package for known vulnerabilities |
Setup
Install
npm install -g scanrook-mcpConfigure
Set your ScanRook API key:
export SCANROOK_API_KEY="your-api-key"
export SCANROOK_API_URL="https://scanrook.io" # optional, defaults to scanrook.ioUse with Claude Code
Add to your Claude Code MCP settings:
{
"mcpServers": {
"scanrook": {
"command": "scanrook-mcp",
"env": {
"SCANROOK_API_KEY": "your-api-key"
}
}
}
}Use with Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"scanrook": {
"command": "npx",
"args": ["scanrook-mcp"],
"env": {
"SCANROOK_API_KEY": "your-api-key"
}
}
}
}Examples
Once connected, you can ask your AI assistant:
- "Scan nginx:1.27 for vulnerabilities"
- "What's the status of my last scan?"
- "Show me the critical findings"
- "Is CVE-2024-0727 in my image?"
- "Check if lodash 4.17.20 has any known vulnerabilities"
- "Compare my latest scan with last week's scan"
- "Analyze the licenses in my last scan"
Environment Variables
| Variable | Default | Description |
|----------|---------|-------------|
| SCANROOK_API_KEY | (required) | Your ScanRook API key |
| SCANROOK_API_URL | https://scanrook.io | ScanRook API base URL |
