StackMCP

Set up Trivy MCP in Claude Code

Container image scanning, filesystem vulnerability detection, and infrastructure misconfiguration analysis. Official Aqua Security implementation.

1

Locate the config file

Claude Code reads MCP server configuration from the following file:

~/.claude.json

Create this file if it does not already exist.

2

Add the configuration

You can configure Trivy MCP using the CLI command or by editing the config file directly.

Option A: CLI command

bash
claude mcp add trivy-mcp -- trivy mcp

Option B: Config file

json
{
  "mcpServers": {
    "trivy-mcp": {
      "command": "trivy",
      "args": [
        "mcp"
      ]
    }
  }
}
3

Set up environment variables

No environment variables needed. Trivy MCP works out of the box without any API keys or tokens.

4

Verify it works

Restart Claude Code. Trivy MCP should appear in your MCP server list with 5 tools available.

This server adds approximately 2,500 tokens to your context window for tool definitions.

Set up Trivy MCP in other editors

CursorVS CodeWindsurfClaude DesktopContinue
← Back to Trivy MCP