osv-mcp


The OSV MCP Server is a Model Context Protocol server designed to interface with the Open Source Vulnerabilities database. It allows users to query, batch query, and retrieve detailed information about vulnerabilities using an SSE-based protocol. The server is highly configurable and supports various package ecosystems like npm, PyPI, and Go.

Overview

  • This project is an SSE-based MCP server for querying the OSV (Open Source Vulnerabilities) database.
  • Features include querying vulnerabilities for specific package versions or commits, batch querying, and retrieving detailed information about a specific vulnerability by ID.

Installation

  • Requires Go 1.21 or later.
  • Task (for running project tasks) and ko (for building container images) are optional.

Usage

  • Configurable via environment variables with a default port of 8080.
  • Provides MCP tools like query_vulnerability, query_vulnerabilities_batch, and get_vulnerability for interacting with vulnerability data.

Contributing

  • Contributions are welcome. Guidelines are available in the CONTRIBUTING guide.
  • Issues can be reported on GitHub or discussed in the community Discord server.