Agentic Container Security with Snyk MCP Server
August 13, 2025
Did developers steal the spotlight of agentic workflows with the wave of AI coding assistants sweeping the media, startups, and tech? What about DevOps workflows, container security, and operating system vulnerability scanning?
One of the most time-consuming tasks for application security engineers and those responsible for production artifacts is tracking Common Vulnerabilities and Exposures (CVEs) and how they affect a bundled application.
The container security pain
Vulnerability fatigue is a painful reality for developers and security professionals alike. Application projects are known to have tens or hundreds of packages, resulting in tens of vulnerabilities on average, but in the case of container images, their vulnerability count is far greater than that.
Using a bulky container image, such as a full Debian operating system for your application container, can easily result in hundreds of vulnerabilities, and at times more than one thousand. More software libraries already installed on the operating system means more vulnerabilities to triage. Some will rightly claim that only a very small percentage of them are reachable and relevant, but the vulnerability noise is frustrating to handle nonetheless.
The container vulnerability pain is far more troublesome when you have to deal with it too late, in continuous integration or in production. Imagine: what if you could fix container security issues before you even commit the Dockerfile to your branch?
The shift left paradox for containers
The term shift left is thrown around a lot, but for ops-related processes and technologies such as Helm Charts, Kubernetes, and the container technology stack, it remains a mostly foreign and far-away practice that developers do not apply in their day-to-day routine.
The paradox is that we look up to developers to own the entire technology stack, from their frontend development code and up to production deployment via infrastructure as code, but many security companies that aim to secure container images do not bridge the skill gap.
When Snyk launched container security solutions for developers, it put software engineers first with a friction-free approach. How do we enable easy container fixes? Snyk provided developers with data insights and actionable container image recommendations that allow developers to easily extrapolate which image tag they should consider moving to. Even more, Snyk has automated pull request workflows to modify your container’s FROM image tag to use an alternative base image with a lower vulnerability footprint.

Bringing agentic container security to AI software development
It’s well established that the IDE is home to developers, and even more so today, as agentic IDEs superpower developer productivity by turning generative AI into coding assistants.
Can developers enumerate all the security findings produced by so many tools, across all the systems they are sourced from? It’s technically possible, but it’s a struggle.
What difficulties do developers face when solving container security issues? Here are a few I can call out as a developer myself:
“What is Docker or a container? Do I need to have it installed?”
“How do I scan the vulnerabilities in this container?”
“What does it mean to build the container? How do I do that?”
Luckily, LLMs can help with a lot of this. Developers don’t even need to know the Docker command syntax; they can prompt the chat box in the IDE to ask a question or trigger the agentic workflow that autonomously completes the security scanning task.
Snyk MCP server finds security vulnerabilities in containers
What if we were able to bring agentic container security to software developers? You can, with Snyk’s MCP Server.
Getting started with Snyk MCP Server is as easy as these two steps:
1. Install the Snyk CLI
2. Configure the Snyk MCP Server in the agentic tool or the IDE
Configuring the Snyk MCP Server depends on your AI tool of choice (find MCP quickstart guides here), and in a nutshell, it comes down to a JSON snippet you need to copy over:
{
  "mcpServers": {
    "Snyk": {
      "command": "snyk",
      "args": ["mcp", "-t", "stdio"],
      "env": {}
    }
  }
}
Now, if you have a Dockerfile or a docker-compose.yml file in your project’s repository, you can simply ask Cursor or Copilot:
Use the Snyk tool to scan the container image for vulnerabilities
Following that, the agentic workflow starts. It explores whether a Docker image is available or needs to be built, then invokes the Snyk MCP Server to scan the container image and test for operating system vulnerabilities (as well as vulnerable open source application packages).
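To cut the resulting findings down to what is actionable, the following added example (not code from Snyk or from this article) triages a report saved with `snyk container test <image> --json`. The field names it reads (`vulnerabilities`, `id`, `severity`, `packageName`, `nearestFixedInVersion`), the blocking policy, and the sample report are assumptions constructed for illustration.

```python
import json
from collections import Counter

RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample report; IDs are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({"vulnerabilities": [
    {"id": "EXAMPLE-VULN-0001", "severity": "high", "packageName": "openssl",
     "nearestFixedInVersion": "1.1.1w-0"},
    {"id": "EXAMPLE-VULN-0001", "severity": "high", "packageName": "openssl",
     "nearestFixedInVersion": "1.1.1w-0"},   # same issue, second dependency path
    {"id": "EXAMPLE-VULN-0002", "severity": "critical", "packageName": "zlib",
     "nearestFixedInVersion": ""},           # no fixed version published
    {"id": "EXAMPLE-VULN-0003", "severity": "low", "packageName": "tar"},
    {"id": "EXAMPLE-VULN-0004", "severity": "medium", "packageName": "curl",
     "nearestFixedInVersion": "7.88.1-10"},
]})


def triage(report_json, fail_on="high"):
    """Collapse duplicate findings and separate fixable from unfixable ones."""
    raw = json.loads(report_json).get("vulnerabilities", [])
    unique = {}
    for vuln in raw:
        # Assumption: an issue may be repeated once per dependency path.
        unique.setdefault((vuln["id"], vuln["packageName"]), vuln)
    findings = sorted(unique.values(),
                      key=lambda v: (RANK.get(v["severity"], 4), v["id"]))
    fixable = [v for v in findings if v.get("nearestFixedInVersion")]
    no_fix = [v for v in findings if not v.get("nearestFixedInVersion")]
    # Policy choice for this example: only fixable findings at or above
    # `fail_on` block a commit; unfixable ones are reported for tracking.
    blocking = [v for v in fixable
                if RANK.get(v["severity"], 4) <= RANK[fail_on]]
    return {
        "total_reported": len(raw),
        "unique": len(findings),
        "by_severity": dict(Counter(v["severity"] for v in findings)),
        "fixable": [v["id"] for v in fixable],
        "no_fix": [v["id"] for v in no_fix],
        "blocking": [v["id"] for v in blocking],
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```
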

Adopting AI you can trust
In this article I demonstrated how you can use the Snyk MCP Server for container security. Container image security scanning is just one of several scan types that you can perform. The MCP Server also supports dependency scanning (SCA), code security scanning (SAST), and infrastructure as code scanning (IaC).
As you’re adopting a secure workflow for AI that you can trust, I want to suggest the following technical articles on MCP security and adjacent topics to help you level up on being secure at inception:
Learn how attackers can exploit MCP Servers Vulnerable to Command Injection
If you’re using an agentic IDE like Cursor then learn how to add a new MCP Server to Cursor
How prompt injections are exploited via invisible PDF Text to Pass Credit Score Analysis by LLMs
Interested in learning more about building AI Trust? Download the AI Readiness Cheat Sheet.