Skip to main content
If you need an introduction on MCP, here is the get Started article of the protocol.
MCP setup is independant from our extension (that you can download and install here)

Setup

Good news! If you use Antigravity, Cursor, Kiro, VS Code, or Windsurf, and our extension is installed, everything is set up automatically. The MCP installs and configures itself, nothing for you to do.
1

Install our CLI

To use the Symbiotic Security MCP, you first need to download and install our CLI using the command below. The installer will automatically select the correct version for your environment.
      curl -sSL https://github.com/SymbioticSec/cli/releases/latest/download/install.sh | bash
      echo 'export PATH="$HOME/.local/bin:$PATH"'
2

Open MCP configuration in your IDE

In your IDE, use CTRL/CMD + P and search for MCP: Open User Configuration to open the configuration file that should be called settings.json.
3

Add MCP Configuration

Once the file opened, paste this configuration:
{
    "mcpServers": {
      "symbiotic-security": {
        "command": "npx",
        "args": ["@symbioticsec/symbiotic-mcp-server"],
        "env": {
          	"SYMBIOTIC_API_TOKEN": "your_token_here",
    		"SYMBIOTIC_CLI_PATH": "cli_path_here"
        }
      }
    }
  }
4

Input your API token

Retrieve your personal access token here and paste it in the SYMBIOTIC_API_TOKEN variable
5

Input the CLI path

Retrieve the path of the CLI you installed in step 1 and paste it in the SYMBIOTIC_CLI_PATH variable
You can retrieve it using the command which symbiotic-cli in a terminal.
6

Save and launch the MCP

Save the file and launch the MCP server by clicking on Start above teh MCP name in the configuration file or by using the MCP: List Servers command and selecting symbiotic-security, and selecting Start Server.

Examples

Continue.dev

  1. In continue.dev extension settings add a new MCP
  2. Enter the following configuration: 
    mcpServers:
  - name: Symbiotic Security
    command: node
    args:
      - "path_of_the_index.js_file"
    env: {
      "SYMBIOTIC_API_TOKEN": "your_token_here"
    }

Zed

  1. CMD + , to open Zed settings.
  2. Add the following:
{
  "mcpServers": {
    "symbiotic-security": {
      "command": "node",
      "args": ["path_of_the_index.js_file"],
      "env": {
        "SYMBIOTIC_API_TOKEN": "your_token_here"
      }
    }
  }
}

Others

Hundreds of other tools now support MCP servers, you can configure them to use the Symbiotic MCP server with the following settings:
  • Command: npx
  • Arguments: "@symbioticsec/symbiotic-mcp-server"
  • Environment: 
    "SYMBIOTIC_API_TOKEN": "your_api_token",
"SYMBIOTIC_CLI_PATH": "cli_path"

Usage

Once configured, you can use the MCP directly from your IDE’s chat interface by asking it to perform a security scan on a file. If you want your chat agent to automatically scan every piece of AI-generated code, we recommend adding the following MCP usage rule: 
ALWAYS use symbiotic-security MCP with the security_scan_files tool EACH time you generate code to scan for security vulnererabilities and remediate issues found.

ALWAYS try to fix issues found by the scanner.