Server Details
Sonatype component intelligence: versions, security analysis, and Trust Score recommendations
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
- Repository
- sonatype/dependency-management-mcp-server
- GitHub Stars
- 68
See and control every tool call
Available Tools
3 toolsgetComponentVersionInspect
Returns detailed analysis of a specific dependency or multiple dependencies with metadata about quality, license and security. Dependencies can be referred to as packages, components or libraries. They can be transitive (brought in by other dependencies) or direct (explicitly added to the project).
| Name | Required | Description | Default |
|---|---|---|---|
| packageUrls | Yes | Package URL (PURL) or list of PURLs identifying the component(s). Maven requires namespace (groupId). Version is required. When providing multiple package URLs, limit to 20 maximum. |
getLatestComponentVersionInspect
Returns the latest version of a dependency or multiple dependencies with quality, license and security data. Dependencies can be referred to as packages, components or libraries. They can be transitive (brought in by other dependencies) or direct (explicitly added to the project).
| Name | Required | Description | Default |
|---|---|---|---|
| packageUrls | Yes | Package URL (PURL) or list of PURLs identifying the component(s). Maven requires namespace (groupId). Version is optional. When providing multiple package URLs, limit to 20 maximum. |
getRecommendedComponentVersionsInspect
Returns top dependency version recommendations ranked by Developer Trust Score with security, licensing, and quality analysis. Developer Trust Score is a measure of quality, security, licensing, and maintainability. Use this when selecting a new component to add to a project (without version) or when upgrading an existing component (with version). Dependencies can be referred to as packages, components or libraries. They can be transitive (brought in by other dependencies) or direct (explicitly added to the project).
| Name | Required | Description | Default |
|---|---|---|---|
| packageUrls | Yes | Package URL (PURL) or list of PURLs identifying the component(s). Maven requires namespace (groupId). Version is optional: omit for new component recommendations (returns the best versions to start with), include for upgrade recommendations (returns better versions than the one specified). When providing multiple package URLs, limit to 20 maximum. |
To claim this server, publish a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [
{
"email": "your-email@example.com"
}
]
}The email address must match the email associated with your Glama account. Once verified, the server will appear as claimed by you.
Control your server's listing on Glama, including description and metadata
Receive usage reports showing how your server is being used
Get monitoring and health status updates for your server
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!
Your Connectors
Sign in to create a connector for this server.