scan

Generate SPDX SBOM for container images using Trivy scanner. Supports SPDX JSON format for detailed software inventory and compliance tracking.

Instructions

Execute Trivy scanner to generate SPDX SBOM for a container image. Supports the SPDX JSON format.

Args:
    image (str): The container image name/reference to scan

Returns:
    str: Test response or error message

Input Schema

| Name | Required | Description | Default |
|------|----------|-------------|---------|
| image | Yes | | |

Implementation Reference

  • The main handler function for the 'scan' MCP tool, decorated with @mcp.tool() to register it. It calls the exec_trivy helper to perform the actual Trivy scan and returns the SBOM JSON or error.
    @mcp.tool()
    async def scan(image: str):
        """
        Execute Trivy scanner to generate SPDX SBOM for a container image.
        Supports the SPDX JSON format.

        Args:
            image (str): The container image name/reference to scan

        Returns:
            str: Test response or error message
        """
        try:
            logger.info(f"MCP SBOM tool called with image: {image}")
            result = await exec_trivy(image)
            logger.debug(f"Trivy execution result: {result}")
            return result
        except Exception as e:
            logger.error(f"Exception in trivy tool: {str(e)}")
            return f"Error: {str(e)}"
  • Supporting helper function that runs the Trivy CLI asynchronously to generate CycloneDX SBOM JSON for the specified container image.
    import asyncio
    import json

    # logger is defined elsewhere in the server module.
    async def exec_trivy(image: str):
        try:
            logger.info(f"Starting Trivy scan for image: {image}")
            # Note: this requests CycloneDX output, although the tool's
            # docstring advertises SPDX JSON.
            cmd = [
                "trivy",
                "image",
                "--format",
                "cyclonedx",
                "--output",
                "sbom.json",
                image
            ]
            # result = subprocess.run(cmd, capture_output=True, text=True)
            process = await asyncio.create_subprocess_exec(
                *cmd,
                stdout=asyncio.subprocess.PIPE,
                stderr=asyncio.subprocess.PIPE
            )
            stdout, stderr = await process.communicate()
            logger.info(f"Trivy scan completed with return code {process.returncode}")
            if process.returncode == 0:
                with open("sbom.json", "r") as f:
                    sbom_content = json.load(f)
                return sbom_content
            # Report a failed scan instead of silently returning None.
            return f"Error: trivy exited with code {process.returncode}: {stderr.decode(errors='replace')}"
        except Exception as e:
            logger.error(f"Exception in exec_trivy: {str(e)}")
            return f"Error: {str(e)}"
  • Input schema defined by the function parameter type hint (image: str) and docstring describing args and returns.
    async def scan(image: str):
        """
        Execute Trivy scanner to generate SPDX SBOM for a container image.
        Supports the SPDX JSON format.

        Args:
            image (str): The container image name/reference to scan

        Returns:
            str: Test response or error message
        """
  • The @mcp.tool() decorator registers the 'scan' function as an MCP tool.
    @mcp.tool()
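
An added example, not the project's code: a hardened variant of the exec_trivy helper above that rejects image values the trivy CLI could parse as options, writes to a per-call temporary file instead of a shared sbom.json, and reports non-zero exits and timeouts. The names build_trivy_cmd, exec_trivy_hardened and IMAGE_REF, the allow-list pattern, and the 300-second timeout are assumptions.

```python
import asyncio
import json
import os
import re
import tempfile

# Conservative allow-list (an assumption, not the full OCI reference grammar):
# the value must start with an alphanumeric, so input such as "--config=/x"
# can never be parsed by the trivy CLI as an option.
IMAGE_REF = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/:@-]{0,254}")


def build_trivy_cmd(image: str, out_path: str, fmt: str = "cyclonedx") -> list[str]:
    """Return the argv for the scan, or raise ValueError for a suspicious image."""
    if not isinstance(image, str) or not IMAGE_REF.fullmatch(image):
        raise ValueError(f"rejected image reference: {image!r}")
    return ["trivy", "image", "--format", fmt, "--output", out_path, image]


async def exec_trivy_hardened(image: str, timeout: float = 300.0) -> dict:
    """Scan into a per-call temp file; always return a dict with an 'ok' key."""
    fd, out_path = tempfile.mkstemp(suffix=".json")  # no shared sbom.json
    os.close(fd)
    try:
        cmd = build_trivy_cmd(image, out_path)
        proc = await asyncio.create_subprocess_exec(
            *cmd, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE
        )
        try:
            _, stderr = await asyncio.wait_for(proc.communicate(), timeout)
        except asyncio.TimeoutError:
            proc.kill()
            await proc.wait()
            return {"ok": False, "error": "trivy timed out"}
        if proc.returncode != 0:
            # Surface the failure instead of returning None to the MCP client.
            return {"ok": False, "error": stderr.decode(errors="replace")[-2000:]}
        with open(out_path, encoding="utf-8") as f:
            return {"ok": True, "sbom": json.load(f)}
    except (ValueError, OSError, json.JSONDecodeError) as e:
        return {"ok": False, "error": str(e)}
    finally:
        if os.path.exists(out_path):
            os.unlink(out_path)
```

Because the image argument arrives from an MCP client (often model-generated text), validating it before it reaches argv matters even though no shell is involved.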

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/gkhays/mcp-sbom-server'
