PatchProof MCP
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| scan_repositoryB | Walk a repository root, parse its manifest and lockfile, and return a typed set of findings (vulnerabilities, secrets, malformed inputs). Safe by default: paths are resolved through security/paths.ts and the run is bounded by ResourceGovernor. |
| generate_sbomA | Build a CycloneDX 1.5 SBOM for the repository. Components include name, version, purl, and declared licenses when available. Output is validated against the official CycloneDX JS schema before being returned. |
| audit_dependenciesA | Audit the repository dependencies against OSV (api.osv.dev). Supports a deterministic mock adapter (default, no network) and a live adapter (timeout, bounded retry, TTL cache, sliding-window rate limit). Returns the dependency list and the matched vulnerabilities. |
| generate_evidence_reportA | Assemble the final evidence report. The JSON form carries schemaVersion, generatedAt, inputs, findings, reachability, remediation, verification, limitations, and redactions. The HTML form is self-contained (no external assets, inline CSS/JS, accessible markup) and renders a stable layout suitable for review and audit. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/eaglebooth/patchproof-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server