The MCP SBOM Server is a tool that scans container images using Trivy to generate Software Bill of Materials (SBOMs) in both SPDX JSON and CycloneDX formats.
- Container Image Scanning: Executes Trivy scans on specified container images
- Multiple SBOM Formats: Supports both SPDX JSON and CycloneDX standards
- MCP Integration: Operates as a server adhering to the Model Context Protocol (MCP)
- Compatibility: Works with Python 3.12 and MCP 1.6
- Debugging: Provides tools for debugging via MCP Inspector
- Requirements: Needs
uv
,trivy
, andNode.js
for installation/execution - Windows Support: Includes guidance for Windows systems
Performs container and application vulnerability scanning using Trivy and produces a Software Bill of Materials (SBOM) in CycloneDX format.
MCP SBOM Server
MCP server to perform a Trivy scan and produce an SBOM in CycloneDX format.
Installation
Prerequisites
Install the following.
MCP Clients
Configuration
Building
Note
This project employs uv
.
- Synchronize dependencies and update the lockfile.
Debugging
MCP Inspector
Use MCP Inspector.
Launch the MCP Inspector as follows:
Windows
When running on Windows, use paths of the style:
local-only server
The server can only run on the client's local machine because it depends on local resources.
Tools
A Model Context Protocol server that performs Trivy scans to generate Software Bill of Materials (SBOM) in CycloneDX format.
Related MCP Servers
- -securityFlicense-qualityA standalone Model Context Protocol server for Snyk security scanning functionality.Last updated 8 months ago21JavaScript
- AsecurityAlicenseAqualityA Model Context Protocol server for interacting with Redmine using its REST API, enabling the management of tickets, projects, and user data through integration with LLMs.Last updated 8 days ago2346TypeScriptMIT License
- AsecurityAlicenseAqualityA Model Context Protocol server that provides tools for code modification and generation via Large Language Models, allowing users to create, modify, rewrite, and delete files using structured XML instructions.Last updated 5 months ago121PythonMIT License
- -securityAlicense-qualityA Model Context Protocol server that enables web search, scraping, crawling, and content extraction through multiple engines including SearXNG, Firecrawl, and Tavily.Last updated 4 months ago1,09344TypeScriptMIT License