StackMCP

Set up Trivy MCP in VS Code

Container image scanning, filesystem vulnerability detection, and infrastructure misconfiguration analysis. Official Aqua Security implementation.

1

Locate the config file

VS Code reads MCP server configuration from the following file:

.vscode/settings.json → mcp section

Create this file if it does not already exist. For VS Code, this is inside your workspace .vscode/settings.json file under the mcp section.

2

Add the configuration

Add the following to your VS Code config file:

json
{
  "servers": {
    "trivy-mcp": {
      "type": "stdio",
      "command": "trivy",
      "args": [
        "mcp"
      ]
    }
  }
}
3

Set up environment variables

No environment variables needed. Trivy MCP works out of the box without any API keys or tokens.

4

Verify it works

Restart VS Code. Trivy MCP should appear in your MCP server list with 5 tools available.

This server adds approximately 2,500 tokens to your context window for tool definitions.

Set up Trivy MCP in other editors

Claude CodeCursorWindsurfClaude DesktopContinue
← Back to Trivy MCP