Skip to main content
If you need an introduction on MCP, here is the get Started article of the protocol.

Setup

MCP download & build

MCP setup is independant from our extension (that you can download and install here)
To use the Symbiotic Security MCP, you first need to install our CLI and build the MCP from source.
1

Install our CLI

Download and install our CLI using the command below.
The installer will automatically select the correct version for your environment.
      curl -sSL https://github.com/SymbioticSec/cli/releases/latest/download/install.sh | bash
      echo 'export PATH="$HOME/.local/bin:$PATH"'
2

Clone our MCP repository

Clone the official Symbiotic Security MCP repository:
  git clone https://github.com/SymbioticSec/mcp.git
3

Install and build the MCP

Navigate into the repository and build the MCP:
cd mcp  
npm install
npm run build
4

Retrieve the index.js filepath

After the build completes, a build directory will be created.
Locate the full path to build/index.js — you will need it to configure the MCP in your IDE.
You can retrieve it using the command realpath build/index.js in the MCP repository.

Installation in your IDE

To use the MCP inside your IDE, you must declare it in your MCP settings. You will need:
  1. The full filepath of the index.js file we retrieved during the build of the MCP
  2. Your Symbiotic personal access token that you can create and retrieve here

Antigravity

  1. CTRL/CMD + P and search for MCP: Open User Configuration.
  2. Enter the following configuration, and save the file. 
    {
  "servers": {
    "symbiotic-security": {
      "command": "node",
      "args": ["path_of_the_index.js_file"],
      "env": {
        "SYMBIOTIC_API_TOKEN": "your_token_here"
      }
    }
  }
}
  3. Activate the server using MCP: List Servers and selecting symbiotic-security, and selecting Start Server.

Continue.dev

  1. In continue.dev extension settings add a new MCP
  2. Enter the following configuration: 
    mcpServers:
  - name: Symbiotic Security
    command: node
    args:
      - "path_of_the_index.js_file"
    env: {
      "SYMBIOTIC_API_TOKEN": "your_token_here"
    }

Cursor

  1. CTRL/CMD + P and search for Cursor Settings.
  2. In the settings, find the Tools & MCP section.
  3. Click on New MCP Server and enter the following configuration: 
    {
  "mcpServers": {
    "symbiotic-security": {
      "command": "node",
      "args": ["path_of_the_index.js_file"],
      "env": {
        "SYMBIOTIC_API_TOKEN": "your_token_here"
      }
    }
  }
}

Kiro

  1. CTRL/CMD + P and search for Kiro: Open MCP Config.
  2. Enter the following configuration, and save the file. 
    {
  "mcpServers": {
    "symbiotic-security": {
      "command": "node",
      "args": ["path_of_the_index.js_file"],
      "env": {
        "SYMBIOTIC_API_TOKEN": "your_token_here"
      },
      "disabled": false
    }
  }
}
To ensure the MCP is used we advise you to create an Agent Hook in Kiro with the following prompt:
Run the security_scan_files tool from the symbiotic-security MCP server on the file that was just edited. 
Analyze all security issues found in the scan results and correct each issue by modifying the file appropriately. 
Make sure to address every vulnerability identified. 
Rescan after modification to ensure all issues have been corrected and none were introduced.

Visual Studio Code

  1. CTRL/CMD + P and search for MCP: Open User Configuration.
  2. Enter the following configuration, and save the file. 
    {
  "mcpServers": {
    "symbiotic-security": {
      "command": "node",
      "args": ["path_of_the_index.js_file"],
      "env": {
        "SYMBIOTIC_API_TOKEN": "your_token_here"
      }
    }
  }
}
  3. Activate the server using MCP: List Servers and selecting symbiotic-security, and selecting Start Server.

Windsurf

  1. CTRL/CMD + , to open Windsurf settings.
  2. Under Scroll to Cascade -> MCP servers
  3. Select Add Server -> Add custom server
  4. Add the following:
{
  "mcpServers": {
    "symbiotic-security": {
      "command": "node",
      "args": ["path_of_the_index.js_file"],
      "env": {
        "SYMBIOTIC_API_TOKEN": "your_token_here"
      }
    }
  }
}

Zed

  1. CMD + , to open Zed settings.
  2. Add the following:
{
  "mcpServers": {
    "symbiotic-security": {
      "command": "node",
      "args": ["path_of_the_index.js_file"],
      "env": {
        "SYMBIOTIC_API_TOKEN": "your_token_here"
      }
    }
  }
}

Others

Hundreds of other tools now support MCP servers, you can configure them to use the Symbiotic MCP server with the following settings:
  • Command: node
  • Arguments: path_of_the_index.js_file
  • Environment: SYMBIOTIC_API_TOKEN with your token

Usage

Once configured, you can use the MCP directly from your IDE’s chat interface by asking it to perform a security scan on a file. If you want your chat agent to automatically scan every piece of AI-generated code, we recommend adding the following MCP usage rule: 
ALWAYS use symbiotic-security MCP with the security_scan_files tool EACH time you generate code to scan for security vulnererabilities and remediate issues found.

ALWAYS try to fix issues found by the scanner.