Best SPDX MCP Servers
SPDX (Software Package Data Exchange) is an open standard for communicating software bill of materials information, including components, licenses, copyrights, and security references.
Why this server?
Generates Software Bill of Materials (SBOM) reports in SPDX format for documenting software components and dependencies.
Security: -, License: A, Quality: -
Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
Last updated a day ago · 97 · MIT

Why this server?
Generates standardized Software Bill of Materials (SBOM) reports in the SPDX format for security compliance and transparency.
Security: A, License: A, Quality: -
AI supply chain security scanner for MCP servers and AI agents. 18 tools for CVE scanning, blast radius mapping, CIS benchmarks, SBOM generation, and compliance enforcement across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
Last updated 2 hours ago · 2010 · Apache 2.0

Why this server?
Uses SPDX license identifiers to filter and validate the licensing of hardware IP cores imported from external repositories.
Security: A, License: A, Quality: -
Provides AI assistants with a complete FPGA toolchain for HDL linting, simulation, synthesis, and place-and-route across various hardware targets. It features a GitHub-backed IP core registry that enables users to search for and import MIT-licensed cores directly through their chat interface.
Last updated a month ago · 152 · MIT

Why this server?
Used for the Software Bill of Materials (SBOM) format that lists all components included in the container image.
MIT

Why this server?
Uses SPDX identifiers to perform license risk assessments, categorizing npm packages into risk levels from low to critical.
Security: -, License: A, Quality: -
An MCP server for searching, inspecting, and evaluating NPM packages through health scoring and license risk assessments. It provides comprehensive package analysis including maintenance status, popularity trends, and security vulnerability reports to help users make informed dependency decisions.
Last updated 2 months ago · 1 · MIT