Open Source Supply Chain Risk
@apifyforge
About Open Source Supply Chain Risk
Open source supply chain risk analysis via MCP — give your AI agent direct access to CVE records, CISA KEV exploits, maintainer bus-factor scores, and typosquat detection across 7 live intelligence sources.
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"open-source-supply-chain-risk-mcp": {
"url": "https://ryanclinton--open-source-supply-chain-risk-mcp.apify.actor/mcp"
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Open Source Supply Chain Risk?
An MCP server that analyzes open source supply chain risk through CVE records, CISA KEV exploits, maintainer bus-factor scores, and typosquat detection across seven live intelligence sources. It is built for security engineers, DevSecOps teams, and AI-assisted workflows requiring SBOM-grade risk intelligence within an AI client.
How to use Open Source Supply Chain Risk?
Add the server to your MCP client (e.g., Claude Desktop, Cursor, Windsurf) using the Streamable HTTP endpoint https://open-source-supply-chain-risk-mcp.apify.actor/mcp with your Apify API token in the Authorization: Bearer header. Start with the generate_oss_risk_report tool on a package or repository name.
Key features of Open Source Supply Chain Risk
- Typed OSS dependency network graph with 7 node types
- Maintainer bus-factor scoring with abandonment decay model
- CVE blast radius estimation via BFS graph traversal
- CISA KEV cross-referencing with active exploitation factor
- Levenshtein typosquat detection across discovered repository names
- 5-factor weighted supply chain risk scoring (0–1)
- Parallel queries across all 7 data sources (under 30 seconds)
- 5-minute in-process cache per session query
Use cases of Open Source Supply Chain Risk
- DevSecOps pipeline gate – block PRs on high‑risk or exploited dependencies
- SBOM audit and vendor risk management – generate reports with CISA remediation steps
- Incident response triage – discover blast radius of a new critical CVE
- Package vetting before adoption – compare maintainer health and risk scores
- Supply chain attack early warning – monitor ArXiv papers and community discussion trends
- Typosquat monitoring for package registries – detect malicious lookalike packages
FAQ from Open Source Supply Chain Risk
What data sources does the server use?
It queries GitHub, NVD, CISA KEV, Hacker News, StackExchange, ArXiv, and Censys concurrently.
How much does a tool call cost?
Each MCP tool call costs $0.035 (USD) under the Apify platform pricing.
Which MCP clients are supported?
Any client supporting Streamable HTTP or SSE transport works, including Claude Desktop, Cursor, Windsurf, and Cline.
Is there caching to avoid duplicate upstream queries?
Yes, a 5‑minute in-process cache keyed by source:query reuses upstream data for repeated tool calls on the same package within a session.
How do I authenticate with the server?
Use your Apify API token as a Bearer token in the Authorization header when connecting to the endpoint.
More Other MCP servers
Awesome Mcp Servers
punkpeyeA collection of MCP servers.
Awesome-MCP-ZH
yzflyMCP 资源精选, MCP指南,Claude MCP,MCP Servers, MCP Clients
MCP Toolbox for Databases
googleapisMCP Toolbox for Databases is an open source MCP server for databases.
XcodeBuildMCP
cameroncookeA Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
MCP Registry
modelcontextprotocolA community driven registry service for Model Context Protocol (MCP) servers.
Comments