-
securityA
license-
qualityMarineTraffic MCP Server
Last updated -
1
TypeScript
MIT License
Supports containerized deployment of the MCP server with signed container images
Used for hosting the repository and container registry (ghcr.io) for distributing the MCP server
Provides CI/CD pipeline for building, signing, and publishing container images with security attestations
Used for the Software Bill of Materials (SBOM) format that lists all components included in the container image
Performs vulnerability scanning on container images with results uploaded to GitHub Security
MBTA MCP Server
An MCP server that communicates with the MBTA API to provide Boston-area transit information.
This Machine Learning Control Protocol (MCP) server integrates with the Massachusetts Bay Transportation Authority (MBTA) API to provide real-time and scheduled transit information for the Boston area. It enables AI assistants to access MBTA data through a standardized interface.
Features
- Real-time transit predictions
- Service alerts and disruptions
- Route and schedule information
- Accessibility information
- Trip planning assistance
- Location-based station finding
Installation
Docker
Go Installation
Configuration
Set your MBTA API key in the environment:
Usage
The server implements the MCP stdio protocol for local usage with AI assistants.
For more detailed information, see the specification.
Supply Chain Security
Container Image Signing
All container images are signed using Sigstore's Cosign with keyless signing. This allows users to verify that the container image was built by our GitHub Actions CI/CD pipeline.
Signing Security Practice
We follow the best practice for container image signing:
We sign only the image digest (content hash) - This is the most secure approach since the digest is a unique, immutable identifier for the specific content. By signing only the digest, we avoid any potential security issues that could arise from mutable tags like latest.
Verifying Container Images
To verify our container images, always verify by digest:
Software Bill of Materials (SBOM)
Each build generates a comprehensive Software Bill of Materials (SBOM) that lists all components included in the container image. The SBOM is:
- Generated during the build process
- Signed with a GitHub-issued certificate using the actions/attest-sbom tool
- Available as a GitHub Actions artifact with each build
- Attached to the container image as an attestation by digest
To verify the SBOM attestation:
Vulnerability Scanning
We use Trivy to scan our container images for vulnerabilities:
- Container images are automatically scanned after they're built
- Results are uploaded to GitHub Security in SARIF format
- Critical and High severity vulnerabilities are reported
- Scans focus on vulnerabilities with available fixes
These security measures help ensure our software supply chain is secure and transparent from source code to container deployment.
License
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
mbta-mpc-server
Related MCP Servers
- Python
- TypeScriptMIT License
- -securityAlicense-qualityOData MCP Server by CDataLast updated -MIT License