scanoss-mcp-server
The SCANOSS MCP Server uses the Model Context Protocol to scan code for open source license compliance. It helps AI tools by detecting open source components and analyzing license compatibility, ensuring legal risk reduction in real-time operations.
SCANOSS MCP Server
A Model Context Protocol (MCP) server that provides tools for scanning code for open source license compliance using SCANOSS technology.
Overview
The SCANOSS MCP Server integrates SCANOSS's open source scanning capabilities with the Model Context Protocol, allowing Language Models to:
- Scan code snippets for undeclared open source content
- Check license compliance for combinations of open source licenses
- Get actionable insights on open source components in code
By leveraging this server, AI assistants can provide real-time feedback on code they generate or modify, ensuring compliance with open source licenses and reducing legal risks.
Features
- Code Scanning: Detect open source components in code snippets, including full components, files, and snippets.
- License Compliance: Analyze combinations of licenses for compatibility issues and compliance requirements.
- Formatted Results: Receive well-formatted, actionable insights on scan results.
- Optional API Key: Works with both free (osskb.org) and enterprise SCANOSS instances.
Requirements
- Python 3.12+
- uv for Python package management
- SCANOSS Python SDK
- MCP Python SDK
Installation
Local Installation
-
Clone this repository:
git clone https://github.com/matiasdaloia/scanoss-mcp-server.git cd scanoss-mcp-server -
Install dependencies using
uv:uv venv uv pip install -e . -
(Optional) Create a
.envfile in the root directory with your SCANOSS API key:SCANOSS_API_KEY=your_api_key_here SCANOSS_API_URL=https://your-scanoss-instance.com/api/scan/directIf no API key is provided, the server will use the free osskb.org service.
Docker Installation
-
Pull the pre-built Docker image:
docker pull mcp/scanoss-mcp-serverOr build it yourself:
docker build -t mcp/scanoss-mcp-server . -
Run using Docker:
docker run -i --rm -e SCANOSS_API_KEY=your_key_here -e SCANOSS_API_URL=https://your-scanoss-instance.com/api/scan/direct mcp/scanoss-mcp-server
Usage
Running the Server
Locally with uv
Run the MCP server:
uv run scanoss_mcp_server.py
With Docker
docker run -i --rm -e SCANOSS_API_KEY=your_key_here mcp/scanoss-mcp-server
Client Configuration
To use the SCANOSS MCP Server with your AI assistant or MCP client, you'll need to configure it properly:
For Claude Desktop
Add the following to your Claude Desktop configuration file (claude_desktop_config.json):
"scanoss-mcp-server": {
"command": "uv",
"args": [
"run",
"scanoss_mcp_server.py"
],
"env": {
"SCANOSS_API_KEY": "your_api_key_here",
"SCANOSS_API_URL": "https://your-scanoss-instance.com/api/scan/direct"
}
}
Or if using Docker:
"scanoss-mcp-server": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e", "SCANOSS_API_KEY",
"-e", "SCANOSS_API_URL",
"mcp/scanoss-mcp-server"
],
"env": {
"SCANOSS_API_KEY": "your_api_key_here",
"SCANOSS_API_URL": "https://your-scanoss-instance.com/api/scan/direct"
}
}
Available Tools
The server exposes the following tools to MCP clients:
- scan_code_snippet: Scans a code snippet for open source components
- Parameters:
code: The code snippet to scan (required)file_name: Name of the file (required)
- Parameters:
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- SCANOSS for their open source scanning technology
- Model Context Protocol for the MCP standard and SDK
- uv for fast Python package management