grype

This MCP server wraps the Grype vulnerability scanner so you can run it from your IDE or desktop automation via the MCP interface. It exposes a Grype-based capability that lets developers perform vulnerability scans on container images or filesystem content through the MCP protocol, making Grype available in Cursor, Claude Desktop, or any MCP-compatible editor. Start the server and point your MCP client at the grype-mcp-server entry; Grype will be invoked through the server using the index.ts entry point. Ensure Grype is installed on the host system and accessible to the server process.

Once running, you can issue scan requests (as defined by the MCP protocol provided by this server) to scan targets such as container images or file trees. The server will execute Grype with the appropriate arguments and return structured results (vulnerabilities, severities, locations) back to your editor or tooling, enabling quick triage and remediation planning from your development environment.

Prerequisites:

• Node.js installed on your machine (LTS version recommended)
• Grype installed and accessible in your PATH
• Git (optional, if cloning from a repository)

Step 1: Install Grype on your system

• You can install Grype following its official instructions for your OS. Ensure Grype is in your PATH so the MCP server can invoke it.

Step 2: Prepare the MCP server environment

• Create a directory to hold the server files, and ensure you have access to index.ts (or the compiled JavaScript equivalent) at the path referenced by GRYPE_MCP_SERVER_PATH.

Step 3: Install Node.js dependencies (if any)

• If your MCP server repository uses npm/yarn, install dependencies in the project root:

# Using npm
npm install

# Or using yarn
yarn install

Step 4: Set environment variable (example)

• Define the path prefix for the server index file. Adjust GRYPE_MCP_SERVER_PATH to the directory containing index.ts.

export GRYPE_MCP_SERVER_PATH=/path/to/grype-mcp-server

Step 5: Run the MCP server

• Start the server using Node.js (as configured in mcp_config):

# If you have a built/compiled index.ts -> index.js setup, you might run:
node ${GRYPE_MCP_SERVER_PATH}/index.ts

Step 6: Verify the server is reachable by your MCP client and you can perform a scan.

Tips and notes:

• The server relies on Grype being installed and accessible in your system PATH. If Grype is not found, the server will fail to run scans.
• The environment variable GRYPE_MCP_SERVER_PATH should point to the directory containing the MCP server entry (index.ts or its compiled equivalent). Ensure proper permissions for reading that file.
• If you encounter path resolution issues, verify that the MCP client is configured to connect to grype-mcp-server and that the server process is running.
• For container image scans, Grype typically requires a reference to an image (e.g., docker.io/library/nginx:latest). For filesystem scans, provide a path to the directory you want to analyze.
• When using IDE integrations, the results will usually include vulnerabilities, severities, and file/package locations. You can filter or sort results in your editor as supported by the MCP integration.