Best SPDX MCP Servers
SPDX (Software Package Data Exchange) is an open standard for communicating software bill of material information, including components, licenses, copyrights, and security references.
Why this server?
Generates Machine Learning Bill of Materials (MLBOM) in SPDX format for documenting AI agent dependencies and supply chain compliance.
A license, A quality, B maintenance
Security co-pilot for AI agents. Scans for vulnerabilities like prompt injection, infinite loops, and token bombing in AI Agents, audits MCP servers, verifies AGENTS.md governance, and generates EU AI Act compliance reports.
License: Apache 2.0
Why this server?
Generates standardized Software Bill of Materials (SBOM) reports in the SPDX format for security compliance and transparency.
A license, B quality, B maintenance
AI supply chain security scanner for MCP servers and AI agents. 18 tools for CVE scanning, blast radius mapping, CIS benchmarks, SBOM generation, and compliance enforcement across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
License: Apache 2.0
Why this server?
Generates AI-BOMs in SPDX 3.0 format, providing a standard way to document AI software bill of materials.
A license, A quality, A maintenance
AI Bill of Materials compliance tracking and SBOM generation for AI/ML systems.
License: MIT
Why this server?
Uses SPDX license identifiers to filter and validate the licensing of hardware IP cores imported from external repositories.
A license, A quality, B maintenance
Provides AI assistants with a complete FPGA toolchain for HDL linting, simulation, synthesis, and place-and-route across various hardware targets. It features a GitHub-backed IP core registry that enables users to search for and import MIT-licensed cores directly through their chat interface.
License: MIT
Why this server?
Generates Software Bill of Materials (SBOM) reports in SPDX format for documenting software components and dependencies.
Why this server?
Uses SPDX identifiers to perform license risk assessments, categorizing npm packages into risk levels from low to critical.
A license, - quality, C maintenance
An MCP server for searching, inspecting, and evaluating NPM packages through health scoring and license risk assessments. It provides comprehensive package analysis including maintenance status, popularity trends, and security vulnerability reports to help users make informed dependency decisions.
License: MIT
Why this server?
Used for the Software Bill of Materials (SBOM) format that lists all components included in the container image.