mcp-sbom-server


The MCP SBOM Server is an MCP server designed to perform security scans using Trivy and generate a Software Bill of Materials (SBOM) in CycloneDX format. It leverages tools like uv and MCP Inspector for operation and debugging.

MCP SBOM Server


MCP server to perform a Trivy scan and produce an SBOM in CycloneDX format.

Installation

Prerequisites

Install the following.

MCP Clients

Configuration

{
    "mcpServers": {
        "mcp-sbom": {
            "command": "uv",
            "args": [
                "--directory",
                "/path/to/mcp-sbom",
                "run",
                "mcp-sbom"
            ]
        }
    }
}

Building

Note: This project uses uv.

  1. Synchronize dependencies and update the lockfile.
uv sync

Debugging

MCP Inspector

Use MCP Inspector.

Launch the MCP Inspector as follows:

npx @modelcontextprotocol/inspector uv --directory /path/to/mcp-sbom run mcp-sbom


Windows

When running on Windows, use forward-slash paths of the style:

C:/Users/gkh/src/mcp-sbom-server/src/mcp_sbom