The MCP SBOM Server is a tool that scans container images using Trivy to generate Software Bill of Materials (SBOMs) in both SPDX JSON and CycloneDX formats.
Container Image Scanning: Executes Trivy scans on specified container images
Multiple SBOM Formats: Supports both SPDX JSON and CycloneDX standards
MCP Integration: Operates as a server adhering to the Model Context Protocol (MCP)
Compatibility: Works with Python 3.12 and MCP 1.6
Debugging: Provides tools for debugging via MCP Inspector
Requirements: Needs uv, trivy, and Node.js for installation/execution
Windows Support: Includes guidance for Windows systems
Performs container and application vulnerability scanning using Trivy and produces a Software Bill of Materials (SBOM) in CycloneDX format.
MCP SBOM Server
MCP server to perform a Trivy scan and produce an SBOM in CycloneDX format.
Installation
Prerequisites
Install the following.
MCP Clients
Configuration
Building
This project employs uv.
Synchronize dependencies and update the lockfile.
Debugging
MCP Inspector
Use MCP Inspector.
Launch the MCP Inspector as follows:

Windows
When running on Windows, use paths of the style: