Mcp Sbom Server

Performs scans and generates Software Bill of Materials (SBOM) in CycloneDX format, while identifying vulnerabilities in software dependencies. Facilitates integration with MCP clients for efficient scanning and reporting.

Author

gkhays

No License

Quick Info

GitHub Stars 2
NPM Weekly Downloads 0
Tools 1
Last Updated 6/27/2025

MCP SBOM Server

Python MCP

MCP server to perform a Trivy scan and produce an SBOM in CycloneDX format.

Installation

Prerequisites

Install the following.

MCP Clients

Configuration

{
    "mcpServers": {
        "mcp-sbom": {
            "command": "uv",
            "args": [
                "--directory",
                "/path/to/mcp-sbom",
                "run",
                "mcp-sbom"
            ]
        }
    }
}

Building

Note: This project uses uv.

  1. Synchronize dependencies and update the lockfile.

     uv sync

Debugging

MCP Inspector

Use MCP Inspector.

Launch the MCP Inspector as follows:

npx @modelcontextprotocol/inspector uv --directory /path/to/mcp-sbom run mcp-sbom

Windows

When running on Windows, write paths with forward slashes, in this style:

C:/Users/gkh/src/mcp-sbom-server/src/mcp_sbom