Kodus OSV
@kodustech
关于 Kodus OSV
Kodus MCP HTTP server exposing OSV (v1) for open source vulnerability lookup via osv_query/osv_query_batch tools.
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"mcp-osv-kodustech": {
"command": "bun",
"args": [
"run",
"index.ts"
],
"env": {
"PORT": "3000",
"HOST": "0.0.0.0",
"OSV_API_URL": "https://api.osv.dev/v1"
}
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is Kodus OSV?
Kodus OSV is an HTTP MCP (Model Context Protocol) server that wraps the OSV v1 API for on‑demand open‑source vulnerability lookups. It exports MCP tools so AI agents can query the OSV vulnerability feed directly. The server uses a Streamable HTTP MCP endpoint and is intended for developers and security teams integrating vulnerability data into their MCP‑aware workflows.
How to use Kodus OSV?
Install dependencies with bun install, set environment variables (PORT, HOST, OSV_API_URL), and run bun run index.ts. The MCP endpoint is http://<host>:<port>/mcp. Clients can connect via Claude Code CLI (claude mcp add --transport http mcp-osv http://localhost:3000/mcp), VS Code (code --add-mcp), or the MCP Inspector.
Key features of Kodus OSV
- Streamable HTTP MCP endpoint at
/mcp - Two tools:
osv_query(single) andosv_query_batch(multiple) - Configurable base URL via
OSV_API_URLenvironment variable - Clear validation rules (commit XOR version, purl or name+ecosystem)
- Supports pagination with
pageTokenfield
Use cases of Kodus OSV
- Query vulnerabilities for a specific package version (e.g., PyPI, npm)
- Batch query multiple packages or commits in a single request
- Perform commit‑based vulnerability lookups for Go or other ecosystems
- Integrate real‑time OSV checks into MCP‑enabled IDEs or CLI agents
FAQ from Kodus OSV
What runtime does Kodus OSV require?
Bun is required. No other runtime is supported according to the README.
How can I change the OSV API endpoint?
Set the OSV_API_URL environment variable. It defaults to https://api.osv.dev/v1.
What tools does Kodus OSV provide?
Two tools: osv_query for a single vulnerability query and osv_query_batch for multiple queries in one request.
What are the rules for the package parameter in queries?
You must use either a purl string or the combination of name and ecosystem. If you use purl, do not include the @version part; provide the version separately in the version field.
How can I debug the server or test the tools?
The server logs a confirmation message on startup. You can use curl with a JSON‑RPC initialize request or a tools/list call against the /mcp endpoint to see available tools.
其他 分类下的更多 MCP 服务器
Codelf
unbugA search tool helps dev to solve the naming things problem.
🚀 Model Context Protocol (MCP) Curriculum for Beginners
microsoftThis open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for developers, it focuses on practical techniques for building modular, scalable,
ICSS
chokcoco不止于 CSS
MaxKB
1Panel-dev🔥 MaxKB is an open-source platform for building enterprise-grade agents. 强大易用的开源企业级智能体平台。
ghidraMCP
LaurieWiredMCP Server for Ghidra
评论