
Trivy Security Scanner MCP

Model Context Protocol Integration

Overview

Integrates with Trivy to provide vulnerability scanning and automated remediation for projects across multiple programming languages and package managers.


Installation Instructions


README: https://github.com/norbinsh/cursor-mcp-trivy

Trivy Security Scanner MCP Server

A Model Context Protocol (MCP) server that provides Trivy security scanning capabilities through a standardized interface.

⚠️ Note: This is a proof of concept project to demonstrate the integration capabilities between MCP, Cursor IDE, and Trivy. It's intended for experimentation and learning purposes only and is not production-ready. Use at your own risk.

Features

  • 🔍 Project Scanning: Automatically scan your project directory for security vulnerabilities using Trivy
  • 🛠️ Automated Fixes: Automatically update vulnerable dependencies to secure versions
  • 📦 Multi-Package Support: Handles multiple package managers (Python, Node.js, Ruby, Go)


Architecture

┌─────────────┐     ┌──────────────┐     ┌─────────────┐
│  Cursor IDE │ --> │   MCP Server │ --> │    Trivy    │
│  (Composer) │     │              │     │             │
└─────────────┘     └──────────────┘     └─────────────┘

Prerequisites

  • Python 3.12 or higher
  • Trivy installed on your system:
    # macOS
    brew install trivy
    

Installation

# Create and activate virtual environment
python -m venv .venv
source .venv/bin/activate

# Install dependencies
pip install -r requirements.txt

Usage

Start the server using SSE transport:

# Using SSE transport (default)
python server.py --transport sse --port 54321

The server exposes two tools:

  1. scan_project: Scans a directory for security vulnerabilities

    • Required argument: workspace - The directory path to scan
  2. fix_vulnerability: Updates a vulnerable package to a secure version

    • Required arguments:
      • workspace - The directory to modify
      • pkg_name - Name of the package to update
      • target_version - Version to update to

Using with Cursor IDE

  1. Start the server with SSE transport:

    python server.py --transport sse --port 54321
    
  2. Configure in Cursor:

    • Open Settings
    • Go to Features > MCP Servers
    • Add: http://127.0.0.1:54321/sse
  3. Add the following to your .cursorrules file (create it if you don't have one yet):

    After making changes in any of the package dependency/manifest files, scan the project for security vulnerabilities.
    Fixes should only be according to the desired version reported by the scanner.
    If the scanner reports a fix unrelated to our change, ignore it.
    After performing the fix, scan the project for security vulnerabilities again.
    

    This configuration will:

    • Automatically trigger a security scan when any dependency file is modified
    • Help identify vulnerabilities as soon as new dependencies are added
    • Ensure your project stays secure throughout development

    If you want to use the tool manually, you can prompt the agent to use it with the following prompt through the Composer interface:

    Please scan my project for security vulnerabilities
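
The .cursorrules line "Fixes should only be according to the desired version reported by the scanner" is an instruction to the agent; the same constraint can be checked in code before the fix_vulnerability arguments (workspace, pkg_name, target_version) are acted on. The sketch below is an added example, not code from the cursor-mcp-trivy project: it assumes Trivy's JSON report layout (Results, Vulnerabilities, PkgName, FixedVersion), and the function names, sample report and allowed-root path are hypothetical.

```python
import json
import re
from pathlib import Path

# Constructed sample in the shape of Trivy's JSON report (not taken from the page).
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "requirements.txt", "Type": "pip", "Vulnerabilities": [
        {"VulnerabilityID": "EXAMPLE-0001", "PkgName": "examplepkg",
         "InstalledVersion": "1.0.0", "FixedVersion": "1.0.5, 2.0.1"},
        {"VulnerabilityID": "EXAMPLE-0002", "PkgName": "otherpkg",
         "InstalledVersion": "3.1.0", "FixedVersion": ""},  # no fix released yet
    ]},
    {"Target": "package-lock.json", "Type": "npm"},  # clean target: key is absent
]})

# Conservative token shape: no leading "-", no whitespace or shell metacharacters.
SAFE_TOKEN = re.compile(r"[A-Za-z0-9@][A-Za-z0-9@/._+\-]*")


def reported_fixes(report_json):
    """Map each vulnerable package to the set of fixed versions the scanner reported."""
    fixes = {}
    for result in json.loads(report_json).get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            versions = {v.strip() for v in (vuln.get("FixedVersion") or "").split(",")}
            versions.discard("")
            if versions:
                fixes.setdefault(vuln["PkgName"], set()).update(versions)
    return fixes


def check_fix_request(workspace, pkg_name, target_version, fixes, allowed_root):
    """Return reasons to refuse a fix_vulnerability call; an empty list means allowed."""
    problems = []
    root, ws = Path(allowed_root).resolve(), Path(workspace).resolve()
    if ws != root and root not in ws.parents:
        problems.append("workspace is outside the allowed root")
    for label, value in (("pkg_name", pkg_name), ("target_version", target_version)):
        if not SAFE_TOKEN.fullmatch(value):
            problems.append(f"{label} contains unexpected characters")
    if target_version not in fixes.get(pkg_name, set()):
        problems.append("target_version was not reported by the scanner")
    return problems


if __name__ == "__main__":
    fixes = reported_fixes(SAMPLE_REPORT)
    print(check_fix_request("/srv/projects/app", "examplepkg", "1.0.5", fixes, "/srv/projects"))
    print(check_fix_request("/srv/projects/app", "examplepkg", "9.9.9", fixes, "/srv/projects"))
```

A package with an empty FixedVersion never appears in the mapping, so any requested version for it is refused rather than guessed.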
    

Why MCP?

MCP (Model Context Protocol) exists to solve a fundamental problem in working with large language models (LLMs): how to efficiently and consistently connect these models to external data sources and tools.

Learn more at modelcontextprotocol.io.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

MIT License

Acknowledgments

  • Model Context Protocol
  • Trivy
  • Cursor IDE
