Skip to main content
Glama

dependency-management-mcp-server

by com.sonatype

Server Details

Sonatype component intelligence: versions, security analysis, and Trust Score recommendations

Status
Healthy
Last Tested
Transport
Streamable HTTP
URL
Repository
sonatype/dependency-management-mcp-server
GitHub Stars
68

Available Tools

3 tools
getComponentVersionTry in Inspector

Returns detailed analysis of a specific dependency or multiple dependencies with metadata about quality, license and security. Dependencies can be referred to as packages, components or libraries. They can be transitive (brought in by other dependencies) or direct (explicitly added to the project).

ParametersJSON Schema
NameRequiredDescriptionDefault
packageUrlsYesPackage URL (PURL) or list of PURLs identifying the component(s). Maven requires namespace (groupId). Version is required. When providing multiple package URLs, limit to 20 maximum.
getLatestComponentVersionTry in Inspector

Returns the latest version of a dependency or multiple dependencies with quality, license and security data. Dependencies can be referred to as packages, components or libraries. They can be transitive (brought in by other dependencies) or direct (explicitly added to the project).

ParametersJSON Schema
NameRequiredDescriptionDefault
packageUrlsYesPackage URL (PURL) or list of PURLs identifying the component(s). Maven requires namespace (groupId). Version is optional. When providing multiple package URLs, limit to 20 maximum.
getRecommendedComponentVersionsTry in Inspector

Returns top dependency version recommendations ranked by Developer Trust Score with security, licensing, and quality analysis. Developer Trust Score is a measure of quality, security, licensing, and maintainability. Use this when selecting a new component to add to a project (without version) or when upgrading an existing component (with version). Dependencies can be referred to as packages, components or libraries. They can be transitive (brought in by other dependencies) or direct (explicitly added to the project).

ParametersJSON Schema
NameRequiredDescriptionDefault
packageUrlsYesPackage URL (PURL) or list of PURLs identifying the component(s). Maven requires namespace (groupId). Version is optional: omit for new component recommendations (returns the best versions to start with), include for upgrade recommendations (returns better versions than the one specified). When providing multiple package URLs, limit to 20 maximum.

FAQ

How do I claim this server?

To claim this server, publish a /.well-known/glama.json file on your server's domain with the following structure:

{ "$schema": "https://glama.ai/mcp/schemas/connector.json", "maintainers": [ { "email": "your-email@example.com" } ] }

The email address must match the email associated with your Glama account. Once verified, the server will appear as claimed by you.

What are the benefits of claiming a server?
  • Control your server's listing on Glama, including description and metadata
  • Receive usage reports showing how your server is being used
  • Get monitoring and health status updates for your server
Try in Browser

Your Connectors

Sign in to create a connector for this server.

Resources