MCP SBOM Server

by gkhays

Integrations

  • Performs container and application vulnerability scanning using Trivy and produces a Software Bill of Materials (SBOM) in CycloneDX format.

MCP server to perform a Trivy scan and produce an SBOM in CycloneDX format.
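Added example, not part of the mcp-sbom project: one way to triage a CycloneDX JSON document such as the one this server produces, joining each vulnerability to the component it affects while keeping unrated entries and dangling references visible. The sample document and its identifiers are constructed, and the code assumes the scan output carries a `vulnerabilities` section.

```python
import json

# Severity ranks, most severe first, using CycloneDX severity names.
SEVERITIES = ["critical", "high", "medium", "low", "info", "none", "unknown"]

# Constructed sample document; not output captured from mcp-sbom or Trivy.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "components": [
    {"bom-ref": "ref-a", "type": "library", "name": "example-lib",
     "version": "1.0.0", "purl": "pkg:pypi/example-lib@1.0.0"},
    {"bom-ref": "ref-b", "type": "library", "name": "other-lib",
     "version": "2.3.4", "purl": "pkg:npm/other-lib@2.3.4"}
  ],
  "vulnerabilities": [
    {"id": "EXAMPLE-VULN-1", "ratings": [{"severity": "low"}, {"severity": "critical"}],
     "affects": [{"ref": "ref-a"}]},
    {"id": "EXAMPLE-VULN-2", "ratings": [{"severity": "medium"}],
     "affects": [{"ref": "ref-b"}]},
    {"id": "EXAMPLE-VULN-3", "affects": [{"ref": "ref-missing"}]}
  ]
}
""")

def worst_severity(vuln):
    """Most severe rating on a vulnerability; 'unknown' when none is given."""
    rated = [r.get("severity", "unknown") for r in vuln.get("ratings", [])]
    rated = [s for s in rated if s in SEVERITIES] or ["unknown"]
    return min(rated, key=SEVERITIES.index)

def triage(bom, min_severity="high"):
    """Return (severity, vuln id, component) at or above min_severity, plus unrated ones."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    by_ref = {c["bom-ref"]: c for c in bom.get("components", []) if "bom-ref" in c}
    cutoff = SEVERITIES.index(min_severity)
    found = []
    for vuln in bom.get("vulnerabilities", []):
        sev = worst_severity(vuln)
        if sev != "unknown" and SEVERITIES.index(sev) > cutoff:
            continue
        for hit in vuln.get("affects", []):
            comp = by_ref.get(hit.get("ref"), {})
            # Fall back to the raw ref so a dangling reference stays visible.
            found.append((sev, vuln.get("id", "?"), comp.get("purl", hit.get("ref"))))
    return sorted(found, key=lambda f: (SEVERITIES.index(f[0]), f[1]))

print(*triage(SAMPLE_BOM), sep="\n")
```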

Installation

Prerequisites

Install the following.

MCP Clients

Configuration

"mcpServers": {
  "mcp-sbom": {
    "command": "uv",
    "args": [
      "--directory",
      "/path/to/mcp-sbom",
      "run",
      "mcp-sbom"
    ]
  }
}

Building

Note

This project employs uv.

  1. Synchronize dependencies and update the lockfile.
uv sync

Debugging

MCP Inspector

Use MCP Inspector.

Launch the MCP Inspector as follows:

npx @modelcontextprotocol/inspector uv --directory /path/to/mcp-sbom run mcp-sbom

Windows

When running on Windows, use paths of the style:

C:/Users/gkh/src/mcp-sbom-server/src/mcp_sbom

Security: A (no known vulnerabilities)
License: F (not found)
Quality: A (confirmed to work)

local-only server

The server can only run on the client's local machine because it depends on local resources.
