MCP SBOM Server

by mcp-mirror

開発ツール

Performs vulnerability scans using Trivy to generate Software Bill of Materials (SBOM) in CycloneDX format. It enables automated security auditing and dependency tracking through the Model Context Protocol.

GitHubで見る

MCP SBOM Server

MCP server to perform a Trivy scan and produce an SBOM in CycloneDX format.

Installation

Prerequisites

Install the following.

MCP Clients

Configuration

"mcpServers": {
        "mcp-sbom": {
            "command": "uv",
            "args": [
                "--directory",
                "/path/to/mcp-sbom",
                "run",
                "mcp-sbom"
            ]
        }
    }

Building

[!NOTE] This project employs uv.

Synchronize dependencies and update the lockfile.

uv sync

Debugging

MCP Inspector

Use MCP Inspector.

Launch the MCP Inspector as follows:

npx @modelcontextprotocol/inspector uv --directory /path/to/mcp-sbom run mcp-sbom

MCP Inspector

Windows

When running on Windows, use paths of the style:

C:/Users/gkh/src/mcp-sbom-server/src/mcp_sbom