Snyk Container Security

Unified container security workflow combining Snyk Container's project management, vulnerability scanning, issue tracking, SBOM generation, and registry target management. Designed for DevSecOps engineers, platform security teams, and SREs integrating container security into CI/CD pipelines.

Tags: Snyk, Container Security, Vulnerability Management, Kubernetes, DevSecOps, SBOM, CI/CD

What You Can Do

GET /v1/projects
  List projects: List all container image and Kubernetes scanning projects
POST /v1/projects
  Create project: Register a new container image for scanning
GET /v1/projects/{id}
  Get project: Get details of a specific container scanning project
DELETE /v1/projects/{id}
  Delete project: Delete a container scanning project
GET /v1/issues
  List issues: List vulnerability issues from container scans filtered by severity and status
GET /v1/package-issues
  List package issues: List CVEs and vulnerabilities for packages in container images
GET /v1/targets
  List targets: List all container registries and image sources configured for scanning
POST /v1/targets
  Create target: Add a new container registry as a scan target
GET /v1/projects/{id}/sbom
  Get SBOM: Generate SBOM (CycloneDX or SPDX) for a container project

MCP Tools

list-container-projects (read-only)
  List all Snyk Container scanning projects including container images, Kubernetes monitors, and Helm releases

get-container-project (read-only)
  Get details of a specific container scanning project including status and settings

list-container-issues (read-only)
  List all container vulnerability issues, filterable by severity (critical/high/medium/low) and status

list-package-issues (read-only)
  Look up CVEs and security issues for specific packages (by purl) found in container images

get-project-sbom (read-only)
  Generate and download an SBOM (CycloneDX or SPDX format) for a container scanning project

list-registry-targets (read-only)
  List all container registries and image sources configured as scan targets in Snyk

create-registry-target
  Add a new container registry as a Snyk scan target

delete-container-project (idempotent)
  Remove a container scanning project from Snyk monitoring

APIs Used

snyk-container

Capability Spec

naftiko: "1.0.0-alpha1"

info:
  label: "Snyk Container Security"
  description: >-
    Unified container security workflow combining Snyk Container's project management, vulnerability scanning, issue tracking, SBOM generation, and registry target management. Designed for DevSecOps engineers, platform security teams, and SREs integrating container security into CI/CD pipelines.
  tags:
    - Snyk
    - Container Security
    - Vulnerability Management
    - Kubernetes
    - DevSecOps
    - SBOM
    - CI/CD
  created: "2026-05-02"
  modified: "2026-05-02"

binds:
  - namespace: env
    keys:
      SNYK_API_TOKEN: SNYK_API_TOKEN
      SNYK_ORG_ID: SNYK_ORG_ID

capability:
  consumes:
    - import: snyk-container
      location: ./shared/snyk-container.yaml

  exposes:
    - type: rest
      port: 8080
      namespace: container-security-api
      description: "Unified REST API for container security scanning and vulnerability management."
      resources:
        - path: /v1/projects
          name: container-projects
          description: "Manage container scanning projects"
          operations:
            - method: GET
              name: list-projects
              description: "List all container image and Kubernetes scanning projects"
              call: "snyk-container.list-container-projects"
              with:
                org_id: "rest.org_id"
                version: "2024-10-15"
              outputParameters:
                - type: object
                  mapping: "$.data"
            - method: POST
              name: create-project
              description: "Register a new container image for scanning"
              call: "snyk-container.create-container-project"
              with:
                org_id: "rest.org_id"
                version: "2024-10-15"
              outputParameters:
                - type: object
                  mapping: "$.data"

        - path: /v1/projects/{id}
          name: container-project
          description: "Individual container project operations"
          operations:
            - method: GET
              name: get-project
              description: "Get details of a specific container scanning project"
              call: "snyk-container.get-container-project"
              with:
                org_id: "rest.org_id"
                project_id: "rest.id"
                version: "2024-10-15"
              outputParameters:
                - type: object
                  mapping: "$.data"
            - method: DELETE
              name: delete-project
              description: "Delete a container scanning project"
              call: "snyk-container.delete-container-project"
              with:
                org_id: "rest.org_id"
                project_id: "rest.id"
                version: "2024-10-15"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/issues
          name: vulnerabilities
          description: "Container vulnerability issues"
          operations:
            - method: GET
              name: list-issues
              description: "List vulnerability issues from container scans filtered by severity and status"
              call: "snyk-container.list-container-issues"
              with:
                org_id: "rest.org_id"
                version: "2024-10-15"
                severity: "rest.severity"
                status: "rest.status"
              outputParameters:
                - type: object
                  mapping: "$.data"

        - path: /v1/package-issues
          name: package-vulnerabilities
          description: "Package-level vulnerability issues in container images"
          operations:
            - method: GET
              name: list-package-issues
              description: "List CVEs and vulnerabilities for packages in container images"
              call: "snyk-container.list-package-issues"
              with:
                org_id: "rest.org_id"
                version: "2024-10-15"
                purl: "rest.purl"
              outputParameters:
                - type: object
                  mapping: "$.data"

        - path: /v1/targets
          name: registry-targets
          description: "Container registry scan targets"
          operations:
            - method: GET
              name: list-targets
              description: "List all container registries and image sources configured for scanning"
              call: "snyk-container.list-targets"
              with:
                org_id: "rest.org_id"
                version: "2024-10-15"
              outputParameters:
                - type: object
                  mapping: "$.data"
            - method: POST
              name: create-target
              description: "Add a new container registry as a scan target"
              call: "snyk-container.create-target"
              with:
                org_id: "rest.org_id"
                version: "2024-10-15"
              outputParameters:
                - type: object
                  mapping: "$.data"

        - path: /v1/projects/{id}/sbom
          name: sbom
          description: "Software Bill of Materials"
          operations:
            - method: GET
              name: get-sbom
              description: "Generate SBOM (CycloneDX or SPDX) for a container project"
              call: "snyk-container.get-project-sbom"
              with:
                org_id: "rest.org_id"
                project_id: "rest.id"
                version: "2024-10-15"
                format: "rest.format"
              outputParameters:
                - type: object
                  mapping: "$."

    - type: mcp
      port: 9090
      namespace: container-security-mcp
      transport: http
      description: "MCP server for AI-assisted container security scanning, vulnerability analysis, and remediation."
      tools:
        - name: list-container-projects
          description: "List all Snyk Container scanning projects including container images, Kubernetes monitors, and Helm releases"
          hints:
            readOnly: true
            openWorld: false
          call: "snyk-container.list-container-projects"
          with:
            org_id: "{{SNYK_ORG_ID}}"
            version: "2024-10-15"
          outputParameters:
            - type: object
              mapping: "$.data"

        - name: get-container-project
          description: "Get details of a specific container scanning project including status and settings"
          hints:
            readOnly: true
            openWorld: false
          call: "snyk-container.get-container-project"
          with:
            org_id: "{{SNYK_ORG_ID}}"
            version: "2024-10-15"
          outputParameters:
            - type: object
              mapping: "$.data"

        - name: list-container-issues
          description: "List all container vulnerability issues, filterable by severity (critical/high/medium/low) and status"
          hints:
            readOnly: true
            openWorld: false
          call: "snyk-container.list-container-issues"
          with:
            org_id: "{{SNYK_ORG_ID}}"
            version: "2024-10-15"
          outputParameters:
            - type: object
              mapping: "$.data"

        - name: list-package-issues
          description: "Look up CVEs and security issues for specific packages (by purl) found in container images"
          hints:
            readOnly: true
            openWorld: true
          call: "snyk-container.list-package-issues"
          with:
            org_id: "{{SNYK_ORG_ID}}"
            version: "2024-10-15"
          outputParameters:
            - type: object
              mapping: "$.data"

        - name: get-project-sbom
          description: "Generate and download an SBOM (CycloneDX or SPDX format) for a container scanning project"
          hints:
            readOnly: true
            openWorld: false
          call: "snyk-container.get-project-sbom"
          with:
            org_id: "{{SNYK_ORG_ID}}"
            version: "2024-10-15"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-registry-targets
          description: "List all container registries and image sources configured as scan targets in Snyk"
          hints:
            readOnly: true
            openWorld: false
          call: "snyk-container.list-targets"
          with:
            org_id: "{{SNYK_ORG_ID}}"
            version: "2024-10-15"
          outputParameters:
            - type: object
              mapping: "$.data"

        - name: create-registry-target
          description: "Add a new container registry as a Snyk scan target"
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "snyk-container.create-target"
          with:
            org_id: "{{SNYK_ORG_ID}}"
            version: "2024-10-15"
          outputParameters:
            - type: object
              mapping: "$.data"

        - name: delete-container-project
          description: "Remove a container scanning project from Snyk monitoring"
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: "snyk-container.delete-container-project"
          with:
            org_id: "{{SNYK_ORG_ID}}"
            version: "2024-10-15"
          outputParameters:
            - type: object
              mapping: "$."