Repository avatar
Security
v1.0.1
active

mcp

io.github.SymbioticSec/mcp

Symbiotic CLI MCP Server for security scanning and analysis

Repository

Documentation

Symbiotic MCP Server

A Model Context Protocol (MCP) server for security analysis using Symbiotic CLI

Description

This server exposes security analysis tools via the MCP protocol for any MCP-compatible client. It allows scanning code and infrastructure files without affecting your workspace.

Available Tools

  • code_scan_files - Static code analysis
  • infra_scan_files - Infrastructure security scanning
  • security_scan_files - Comprehensive security scan (code + infrastructure)
  • get_supported_languages - List of supported programming languages

Cursor Integration

Setting up the Security Review Command

  1. Create a .cursor directory in your project root if it doesn't exist
  2. Create or update .cursor/commands/security-review.md with the contents of security-review.md

Using the Command

  1. Open the chat panel in Cursor (Cmd+L or Ctrl+L)
  2. Type /security-review followed by optional file paths or glob patterns
  3. The command will perform a comprehensive security analysis, including:
    • Scanning selected files or the entire workspace
    • Analyzing for security vulnerabilities
    • Triaging findings and filtering false positives
    • Providing a detailed report with severity levels and remediation suggestions
    • Offering to apply automatic fixes for identified issues

Installation

  1. Install symbiotic-cli
https://github.com/SymbioticSec/cli/releases
  1. Get API token

Create an account on Symbiotic Security and retrieve your API token.

  1. Build and start

Clone this repository and install dependencies:

npm install
npm run build

MCP Configuration

In VSCode, open MCP: Open User Configuration and add in servers:

{
 "servers": {
  "symbiotic-security": {
       "command": "node",
      "args": ["path/to/build/index.js"],
      "env": {
        "SYMBIOTIC_API_TOKEN": "your_token_here",
    }
  },
}

Configuration for other MCP clients may vary but generally follows the same structure.

{
  "mcpServers": {
    "symbiotic-security": {
      "command": "node",
      "args": ["path/to/build/index.js"],
      "env": {
        "SYMBIOTIC_API_TOKEN": "your_token_here"
      }
    }
  }
}

Important environment variables:

  • SYMBIOTIC_API_TOKEN (required) - Your Symbiotic API token

Note: Configuration file name and location may vary depending on your MCP client.

Transport Modes

  • STDIO (default) - Standard communication for MCP
  • SSE - Server-Sent Events over HTTP
  • Streamable HTTP - HTTP with /mcp endpoint
# STDIO (default)
node build/index.js

# HTTP server on port 9593
SERVER_PORT=9593 node build/index.js

Authentication

The server requires a valid Symbiotic Security API token. Configuration is done via MCP environment variables.

Minimal required configuration:

"env": {
  "SYMBIOTIC_API_TOKEN": "your_token_here"
}

How It Works

  1. Receives code files via MCP
  2. Creates temporary files
  3. Executes symbiotic-cli
  4. Automatic cleanup of temporary files
  5. Returns formatted results
NPM
@symbioticsec/symbiotic-mcp-server
Install Command
npm install @symbioticsec/symbiotic-mcp-server

Related Servers

ai.smithery/eliu243-oura-mcp-server-2

Connect your Oura Ring account to enable secure, authenticated access in your workflows. Generate…

ai.smithery/eliu243-oura-mcp-server-eliu

Connect your Oura Ring account securely in minutes. Enable authorized access to your sleep, activi…

com.adspirer/ads

Remote MCP for cross-platform ad creation (Google Ads, TikTok). OAuth 2.1 with progress streaming.