Mvn Mcp Server

@danielscholl-osdu, 14 days ago
1 Apache-2.0
Free, Community
AI Systems
A Java vulnerability management MCP server with Maven and Trivy

Overview

What is Mvn Mcp Server

mvn-mcp-server is a Java-based Model Context Protocol (MCP) server designed for vulnerability management, utilizing Maven and Trivy to provide comprehensive dependency management tools for AI assistants.

Use cases

Use cases include automated dependency management in CI/CD pipelines, security vulnerability assessments for Java applications, and providing intelligent recommendations for dependency updates.

How to use

To use mvn-mcp-server, integrate it with your AI assistant to enable natural language interactions with the Maven Central repository, allowing for version checking, security scanning, and dependency analysis.

Key features

Key features include AI-driven development, version checking, batch processing, security vulnerability scanning, and intelligent version recommendations.

Where to use

mvn-mcp-server is ideal for software development environments where dependency management and security are critical, such as in enterprise applications and open-source projects.

Content

Maven MCP Server

A Model Context Protocol (MCP) server that provides AI assistants with powerful tools for Maven dependency management, including version checking, security scanning, and comprehensive dependency analysis.

Purpose

This server enables AI assistants to interact with the Maven Central repository through natural language. It provides dependency management capabilities including version checking, batch processing, security vulnerability scanning, and intelligent version recommendations.

AI-Driven Development

This project follows an AI-driven development workflow:

  • 🤖 Built with AI - Developed using Claude Code and GitHub Copilot
  • 📋 AI Task Assignment - Issues labeled with copilot are automatically assigned
  • 📚 AI-Friendly Documentation - Comprehensive guides for AI agents in CLAUDE.md and .github/copilot-instructions.md
  • 🔄 Multi-Agent Orchestration - Different AI agents handle different tasks based on their strengths
  • 🧠 AI Evolution Tracking - Development insights captured in AI_EVOLUTION.md

Documentation

Setup

Installation

# Clone the repository
git clone https://github.com/danielscholl/mvn-mcp-server.git
cd mvn-mcp-server

# Install dependencies
uv sync

# Install the package in development mode
uv pip install -e '.[dev]'

# Run tests to verify installation
uv run pytest

MCP Configuration

To use this MCP server directly in other projects, either use the buttons to install it in VS Code or edit the .mcp.json file directly.

Clients tend to have slightly different configurations.

Install with UV in VS Code Install with Docker in VS Code

To use this MCP server in your projects, add the following to your .mcp.json file:

{
  "mcpServers": {
    "mvn-mcp-server": {
      "type": "stdio",
      "command": "uvx",
      "args": [
        "--from",
        "git+https://github.com/danielscholl-osdu/mvn-mcp-server@main",
        "mvn-mcp-server"
      ],
      "env": {}
    }
  }
}
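The configuration above installs the server from the @main branch, so the code an AI client runs changes whenever that branch does. The following audit is an added example, not part of the project: it flags git-sourced entries in a .mcp.json that are not pinned to a full commit SHA. The second server entry and its SHA are constructed placeholders.

```python
import json
import re

# Only a full 40-hex commit SHA is an immutable git ref; branches and tags can move.
COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")

def classify_source(arg):
    """Classify one uvx argument: None if not a git source, else pinned/mutable/unpinned."""
    if not arg.startswith("git+"):
        return None
    source = arg.split("#", 1)[0]      # drop any #subdirectory=... fragment
    _, sep, ref = source.rpartition("@")
    # An "@" followed by a path (user@host/org/repo) is userinfo, not a ref.
    if not sep or "/" in ref:
        return "unpinned"              # follows the default branch
    return "pinned" if COMMIT_SHA.match(ref) else "mutable"

def audit_mcp_config(config_text):
    """Return {server_name: [(arg, status), ...]} for every git-sourced server."""
    report = {}
    servers = json.loads(config_text).get("mcpServers", {})
    for name, spec in servers.items():
        hits = [(a, classify_source(a)) for a in spec.get("args", [])]
        hits = [(a, s) for a, s in hits if s is not None]
        if hits:
            report[name] = hits
    return report

REPO = "git+https://github.com/danielscholl-osdu/mvn-mcp-server"
# First entry mirrors this page's config; the second is constructed (placeholder SHA).
SAMPLE = json.dumps({"mcpServers": {
    "mvn-mcp-server": {"type": "stdio", "command": "uvx",
                       "args": ["--from", REPO + "@main", "mvn-mcp-server"]},
    "pinned-example": {"type": "stdio", "command": "uvx",
                       "args": ["--from",
                                REPO + "@0123456789abcdef0123456789abcdef01234567",
                                "mvn-mcp-server"]},
}})

if __name__ == "__main__":
    for server, hits in audit_mcp_config(SAMPLE).items():
        for arg, status in hits:
            print(f"{server}: {status:8} {arg}")
```

Branch names that contain a slash are reported as unpinned rather than mutable; either result means the entry is not pinned.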

Usage

The MCP server provides several tools for working with Maven dependencies and Java projects. Below are examples of how to use each tool:

Check Single Version

mvn:check_version_tool
Parameters:
- dependency: "group:artifact" (e.g., "org.apache.logging.log4j:log4j-core")
- version: "2.17.1"
- packaging: "jar" (optional, defaults to "jar")
- classifier: null (optional)

Checks if a specific version exists and provides update information.

Batch Version Check

mvn:check_version_batch_tool
Parameters:
- dependencies: [
    {"dependency": "org.springframework:spring-core", "version": "5.3.0"},
    {"dependency": "com.fasterxml.jackson.core:jackson-databind", "version": "2.13.0"}
  ]

Process multiple dependency checks in a single request.

List Available Versions

mvn:list_available_versions_tool
Parameters:
- dependency: "org.apache.commons:commons-lang3"
- version: "3.12.0" (current version for context)
- include_all_versions: false (optional)

Lists all available versions grouped by minor version tracks.

Scan Java Project

mvn:scan_java_project_tool
Parameters:
- workspace: "/path/to/java/project"
- pom_file: "pom.xml" (optional, relative to workspace)
- scan_mode: "workspace" (optional)
- severity_filter: ["CRITICAL", "HIGH"] (optional)

Scans Maven projects for security vulnerabilities using Trivy.

Analyze POM File

mvn:analyze_pom_file_tool
Parameters:
- pom_file_path: "/path/to/pom.xml"
- include_vulnerability_check: true (optional)

Analyzes a single POM file for dependencies and vulnerabilities.

Available Tools

Version Management

  • check_version_tool: Check a Maven version and get all version update information
  • check_version_batch_tool: Process multiple Maven dependency version checks in a single batch
  • list_available_versions_tool: List all available versions grouped by minor version tracks

Security Scanning

  • scan_java_project_tool: Scan Java Maven projects for vulnerabilities using Trivy
  • analyze_pom_file_tool: Analyze a single Maven POM file for dependencies and vulnerabilities

Available Prompts

Interactive conversation starters and guided workflows for complex dependency management tasks:

Enterprise Workflow Prompts

  • list_mcp_assets: Comprehensive overview of all server capabilities
    • Arguments: None
    • Usage: Dynamic listing of prompts, tools, and resources with examples
  • triage: Analyze dependencies and create vulnerability triage report
    • Arguments: service_name (required), workspace (optional)
    • Usage: Comprehensive analysis following enterprise workflow: Discovery → Analysis → Security → Report
  • plan: Create actionable update plan from triage results
    • Arguments: service_name (required), priorities (optional list)
    • Usage: Creates structured remediation plan with phases, tasks, and full traceability

Using Prompts

Prompts provide guided workflows for complex dependency management tasks:

# Start a dependency triage
Use prompt: triage with service_name="my-service", workspace="./my-service"

# Create an update plan focusing on critical issues
Use prompt: plan with service_name="my-service", priorities=["CRITICAL", "HIGH"]

# View all server capabilities
Use prompt: list_mcp_assets

Available Resources

Resources provide persistent state between prompt executions:

  • triage://reports/{service_name}/latest - Latest triage report for a service
  • plans://updates/{service_name}/latest - Current update plan for a service
  • assets://server/capabilities - Dynamic list of server capabilities

Workflow Example

  1. Analyze Dependencies

    Use prompt: triage("my-service")
    Result: Comprehensive analysis stored in triage://reports/my-service/latest
    
  2. Review Triage Report

    Access resource: triage://reports/my-service/latest
    Contains: Vulnerabilities, outdated dependencies, POM analysis, recommendations
    
  3. Create Update Plan

    Use prompt: plan("my-service", ["CRITICAL"])
    Result: Actionable plan stored in plans://updates/my-service/latest
    
  4. Implement Updates

    Use individual tools to execute specific updates following the plan:
    - check_version_tool for validation
    - scan_java_project_tool for verification
    

Error Handling

All tools return standardized error responses when issues occur:

{
  "tool_name": "[tool_name]",
  "status": "error",
  "error": {
    "code": "[ERROR_CODE]",
    "message": "[Error description]"
  }
}

Common error codes include:

  • INVALID_INPUT_FORMAT: Input parameters are malformed
  • DEPENDENCY_NOT_FOUND: The requested Maven dependency does not exist
  • VERSION_NOT_FOUND: The specific version does not exist
  • MAVEN_API_ERROR: Error connecting to Maven Central
  • INTERNAL_SERVER_ERROR: Unexpected server error
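A caller that gates a build on scan results has to treat an error envelope as "no result", never as "no vulnerabilities". The sketch below is an added example, not the project's own code: it maps the envelope and codes listed above to proceed, retry or block, and blocks on anything it does not recognise. The "success" status value, the choice to retry only MAVEN_API_ERROR, and the call_tool callable are assumptions of this example.

```python
# Error codes listed on this page. Treating MAVEN_API_ERROR as transient is this
# example's assumption; the page only describes it as a connection error.
KNOWN_CODES = {"INVALID_INPUT_FORMAT", "DEPENDENCY_NOT_FOUND", "VERSION_NOT_FOUND",
               "MAVEN_API_ERROR", "INTERNAL_SERVER_ERROR"}
RETRYABLE = {"MAVEN_API_ERROR"}

def gate_decision(response, ok_status="success"):
    """Return (decision, reason); decision is 'proceed', 'retry' or 'block'.

    ok_status is an assumption: the page documents only the error envelope.
    """
    if not isinstance(response, dict) or "status" not in response:
        return "block", "malformed response"
    if response["status"] == ok_status:
        return "proceed", "tool reported success"
    if response["status"] != "error":
        return "block", f"unexpected status {response['status']!r}"
    error = response.get("error")
    code = error.get("code") if isinstance(error, dict) else None
    if code in RETRYABLE:
        return "retry", code
    if code in KNOWN_CODES:
        return "block", code
    return "block", f"unknown error code {code!r}"

def run_with_gate(call_tool, attempts=3):
    """Call a tool up to `attempts` times; anything but 'proceed' ends in 'block'.

    call_tool is a hypothetical zero-argument callable returning the tool's response.
    """
    reason = "no attempts made"
    for _ in range(attempts):
        decision, reason = gate_decision(call_tool())
        if decision != "retry":
            return decision, reason
    return "block", f"retries exhausted ({reason})"
```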

Development

Testing

# Run all tests
uv run pytest

# Run specific tests
uv run pytest src/mvn_mcp_server/tests/tools/test_check_version.py

Architecture

The server implements a layered architecture:

  • Service Layer: Core functionality for Maven API interactions, caching, and version handling
  • Tool Layer: MCP tool implementations that use the service layer
  • Shared Utilities: Common utilities for validation and error handling

License

MIT License