The MCP SBOM Server is a tool that scans container images using Trivy to generate Software Bill of Materials (SBOMs) in both SPDX JSON and CycloneDX formats.

• Container Image Scanning: Executes Trivy scans on specified container images

• Multiple SBOM Formats: Supports both SPDX JSON and CycloneDX standards

• MCP Integration: Operates as a server adhering to the Model Context Protocol (MCP)

• Compatibility: Works with Python 3.12 and MCP 1.6

• Debugging: Provides tools for debugging via MCP Inspector

• Requirements: Needs uv, trivy, and Node.js for installation/execution

• Windows Support: Includes guidance for Windows systems

Performs container and application vulnerability scanning using Trivy and produces a Software Bill of Materials (SBOM) in CycloneDX format.

1. Click on "Install Server".

2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.

3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@MCP SBOM Server scan my Dockerfile for vulnerabilities and generate an SBOM"

That's it! The server will respond to your query, and you can continue using it as needed.

Here is a step-by-step guide with screenshots.