SBOM Scanner

MCP SBOM Server

MCP server to perform a Trivy scan and produce an SBOM in CycloneDX format.

Installation

Prerequisites

Install the following.

uv
trivy
Node.js

MCP Clients

Configuration

"mcpServers": {
        "mcp-sbom": {
            "command": "uv",
            "args": [
                "--directory",
                "/path/to/mcp-sbom",
                "run",
                "mcp-sbom"
            ]
        }
    }

Building

[!NOTE] This project employs uv.

Synchronize dependencies and update the lockfile.

uv sync

Debugging

MCP Inspector

Use MCP Inspector.

Launch the MCP Inspector as follows:

npx @modelcontextprotocol/inspector uv --directory /path/to/mcp-sbom run mcp-sbom

MCP Inspector

Windows

When running on Windows, use paths of the style:

C:/Users/gkh/src/mcp-sbom-server/src/mcp_sbom