Mcp Sbom Server

@gkhayson a year ago
1 MIT
Free, Community
AI Systems
#mcp #python #uv
MCP server to perform a scan and produce an SBOM

Overview

What is Mcp Sbom Server

mcp-sbom-server is a server designed to perform scans using Trivy and produce a Software Bill of Materials (SBOM) in CycloneDX format.

Use cases

Use cases include generating SBOMs for container images, performing security audits on software projects, and ensuring compliance with software supply chain regulations.

How to use

To use mcp-sbom-server, ensure you have Node.js, Trivy, and uv installed. Synchronize dependencies with 'uv sync', then use the MCP Inspector to debug the server and run scans.

Key features

Key features include integration with Trivy for vulnerability scanning, generation of SBOMs in CycloneDX format, and support for dependency synchronization using uv.

Where to use

mcp-sbom-server can be used in software development environments, security assessments, and compliance checks where tracking software components and vulnerabilities is essential.

Content

MCP SBOM Server

MCP server to perform a Trivy scan and produce an SBOM in CycloneDX format.

Installation

Prerequisites

Install the following: Node.js, Trivy, and uv.

MCP Clients

Configuration

Building

Note: This project employs uv.

1. Synchronize dependencies and update the lockfile:

uv sync

Debugging

MCP Inspector

Use MCP Inspector.

Launch the MCP Inspector as follows:

npx @modelcontextprotocol/inspector uv --directory /path/to/mcp-sbom run mcp-sbom

Windows

When running on Windows, write paths with forward slashes, in this style:

C:/Users/gkh/src/mcp-sbom-server/src/mcp_sbom

Tools

No tools
