snyk.io
Snyk is a developer security platform for scanning code, open-source dependencies, containers, and infrastructure-as-code for vulnerabilities and policy issues. It also provides tools for integrating those security checks into developer workflows and AI-assisted coding environments.
Snyk exposes two HTTP APIs (legacy V1/Snyk API and the newer REST API), a local stdio MCP server packaged with the Snyk CLI, and the `snyk` CLI; authentication is via Snyk-issued PATs, legacy API tokens, and service-account tokens depending on surface.
- Snyk MCP Serverdiscovered
- Snyk APIdiscovered
- Snyk REST APIdiscovered
- Snyk CLIdiscovered
Sign in to Snyk and open Personal Access Tokens from your account settings. Create a PAT there. Snyk documents PATs as available under your profile for Enterprise users; for local CLI use you can then pass it to snyk auth <YOUR_PAT>, snyk config set api=<YOUR_PAT_OR_API_TOKEN>, or set SNYK_TOKEN.
Sign in to Snyk and open Account settings. In the key field, click Click to show and copy the API token. You can regenerate it there with Revoke & Regenerate. Snyk also documents using this token with snyk auth <YOUR_API_TOKEN>, snyk config set api=<YOUR_PAT_OR_API_TOKEN>, or SNYK_TOKEN.
Create a service account in Snyk under your Organization or Group as described in Service accounts. Snyk recommends service accounts for automation, including API and CI/CD usage. Use the resulting token where Snyk accepts account tokens, such as API Authorization headers or the CLI SNYK_TOKEN/snyk auth flows.
conventions · 0/8 published
- integrations.json✗
/.well-known/integrations.json - llms.txt✗
/llms.txt - API catalog✗
/.well-known/api-catalog - OpenAPI document✗
/api/schema/, /openapi.json, /swagger.json, /api/openapi.json, or /v1/openapi.json - MCP server card✗
/.well-known/mcp/server-card.json - OAuth protected resource✗
/.well-known/oauth-protected-resource - Agent card✗
/.well-known/agent-card.json - Agent skills✗
/.well-known/agent-skills/index.json
Publish these signals → /publishing