Server data from the Official MCP Registry
Software Bill of Materials generation + validation in CycloneDX 1.6 and SPDX 2.3 formats. Requir...
This MCP server is a scaffold implementation with functional authentication and rate-limiting, but it contains several security and design concerns that require attention. Key issues include unauthenticated access to all tools (the free tier works with no API key), a hardcoded API key in an environment variable without proper masking, rate-limiting that can be trivially bypassed by using different identifiers, and an unsafe fallback auth mechanism that accepts any request when the shared auth engine is unavailable. While the code lacks malicious patterns and implements a reasonable auth scope, these authentication weaknesses, combined with unclear data handling for the planned regulation-mapping features, create moderate risk. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).
3 files analyzed · 13 issues found
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
Add this to your MCP configuration file:

```json
{
  "mcpServers": {
    "io-github-csoai-org-sbom-cyclonedx-mcp": {
      "args": [
        "sbom-cyclonedx-mcp"
      ],
      "command": "uvx"
    }
  }
}
```

From the project's GitHub README.
Software Bill of Materials generation + validation in CycloneDX 1.6 and SPDX 2.3 formats. Required by EO 14028 + NIS2 + CRA.
pip install sbom-cyclonedx-mcp
| Tool | Purpose |
|---|---|
| generate_sbom_cyclonedx | Generate CycloneDX 1.6 SBOM from package manifests |
| generate_sbom_spdx | Generate SPDX 2.3 SBOM |
| validate_sbom | Validate SBOM against CycloneDX/SPDX schema + completeness |
| vex_attach | Attach VEX (Vulnerability Exploitability eXchange) statements |
| regulation_map | Map SBOM to EO 14028 / NIS2 / CRA / FDA requirements |
| meok-attestation-api | POST results to https://meok-attestation-api.vercel.app/sign for cryptographically signed compliance certs |
| meok-attestation-verify | Public verification of any MEOK-signed cert |
| mcp_bridge_call | |

Scaffold v1.0.0 ships the MCP framework + 5 tool stubs. v1.1.0 will add real regulation data ingestion.
If your team needs this MCP fully-loaded faster, ping hello@meok.ai for sponsored development.
MIT © MEOK AI Labs