The MCP SBOM Server is a tool that scans container images using Trivy to generate Software Bill of Materials (SBOMs) in both SPDX JSON and CycloneDX formats.
- Container Image Scanning: Executes Trivy scans on specified container images
- Multiple SBOM Formats: Supports both SPDX JSON and CycloneDX standards
- MCP Integration: Operates as a server adhering to the Model Context Protocol (MCP)
- Compatibility: Works with Python 3.12 and MCP 1.6
- Debugging: Provides tools for debugging via MCP Inspector
- Requirements: Needs uv, trivy, and Node.js for installation/execution
- Windows Support: Includes guidance for Windows systems
Performs container and application vulnerability scanning using Trivy and produces a Software Bill of Materials (SBOM) in CycloneDX format.
MCP SBOM Server
MCP server to perform a Trivy scan and produce an SBOM in CycloneDX format.
Installation
Prerequisites
Install the following.
MCP Clients
Configuration
Building
Note
This project employs uv.
- Synchronize dependencies and update the lockfile.
Debugging
MCP Inspector
Use MCP Inspector.
Launch the MCP Inspector as follows:
Windows
When running on Windows, use paths of the style:
local-only server
The server can only run on the client's local machine because it depends on local resources.
Tools
A Model Context Protocol server that performs Trivy scans to generate Software Bill of Materials (SBOM) in CycloneDX format.