MCP Hub
Back to servers

MCP SBOM Server

This MCP server integrates Trivy to perform security scans on projects, generating standardized CycloneDX Software Bill of Materials (SBOM) for automated dependency tracking and vulnerability management.

glama
APIs & ServicesDevelopment Tools
Tools
1
Updated
Jun 25, 2025
View Source
Claim this server

MCP SBOM Server

Python MCP

MCP server to perform a Trivy scan and produce an SBOM in CycloneDX format.

Installation

Prerequisites

Install the following.

MCP Clients

Configuration

"mcpServers": {
        "mcp-sbom": {
            "command": "uv",
            "args": [
                "--directory",
                "/path/to/mcp-sbom",
                "run",
                "mcp-sbom"
            ]
        }
    }

Building

[!NOTE] This project employs uv.

  1. Synchronize dependencies and update the lockfile.
uv sync

Debugging

MCP Inspector

Use MCP Inspector.

Launch the MCP Inspector as follows:

npx @modelcontextprotocol/inspector uv --directory /path/to/mcp-sbom run mcp-sbom

MCP Inspector

Windows

When running on Windows, use paths of the style:

C:/Users/gkh/src/mcp-sbom-server/src/mcp_sbom

Reviews

No reviews yet

Sign in to write a review