Best SPDX MCP Servers

SPDX (Software Package Data Exchange) is an open standard for communicating software bill of material information, including components, licenses, copyrights, and security references.

View all SPDX MCP Servers

Why this server?
Generates standardized Software Bill of Materials (SBOM) reports in the SPDX format for security compliance and transparency.
agent-bom
Cloud Platforms Observability Security
msaad00
A
security
A
license
A
quality
AI supply chain security scanner for MCP servers and AI agents. 18 tools for CVE scanning, blast radius mapping, CIS benchmarks, SBOM generation, and compliance enforcement across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
Last updated 3 hours ago
20
10
Apache 2.0
Why this server?
Uses SPDX license identifiers to filter and validate the licensing of hardware IP cores imported from external repositories.
fpgaZeroMCP
Developer Tools Code Execution Embedded system
bard0-design
A
security
A
license
A
quality
Provides AI assistants with a complete FPGA toolchain for HDL linting, simulation, synthesis, and place-and-route across various hardware targets. It features a GitHub-backed IP core registry that enables users to search for and import MIT-licensed cores directly through their chat interface.
Last updated 10 days ago
15
2
MIT
Why this server?
Generates Software Bill of Materials (SBOM) reports in SPDX format for documenting software components and dependencies.
Cycodeofficial
Security Developer Tools Remote
cycodehq
-
security
A
license
-
quality
Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning
Last updated 2 days ago
97
MIT
Why this server?
Used for the Software Bill of Materials (SBOM) format that lists all components included in the container image
mbta-mpc-server
Travel & Transportation Search Location Services
crdant
-
security
A
license
-
quality
mbta-mpc-server
Last updated 10 months ago
MIT
Why this server?
Uses SPDX identifiers to perform license risk assessments, categorizing npm packages into risk levels from low to critical.
npm-registry-mcp
Developer Tools Search Code Analysis
howmanysmall
-
security
A
license
-
quality
An MCP server for searching, inspecting, and evaluating NPM packages through health scoring and license risk assessments. It provides comprehensive package analysis including maintenance status, popularity trends, and security vulnerability reports to help users make informed dependency decisions.
Last updated a month ago
1
MIT

agent-bom

fpgaZeroMCP

Cycodeofficial

mbta-mpc-server

npm-registry-mcp