MCP.so
登录

Open Source Supply Chain Risk

@apifyforge

关于 Open Source Supply Chain Risk

Open source supply chain risk analysis via MCP — give your AI agent direct access to CVE records, CISA KEV exploits, maintainer bus-factor scores, and typosquat detection across 7 live intelligence sources.

基本信息

分类

其他

许可证

MIT

发布者

apifyforge

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "open-source-supply-chain-risk-mcp": {
      "url": "https://ryanclinton--open-source-supply-chain-risk-mcp.apify.actor/mcp"
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Open Source Supply Chain Risk?

An MCP server that analyzes open source supply chain risk through CVE records, CISA KEV exploits, maintainer bus-factor scores, and typosquat detection across seven live intelligence sources. It is built for security engineers, DevSecOps teams, and AI-assisted workflows requiring SBOM-grade risk intelligence within an AI client.

How to use Open Source Supply Chain Risk?

Add the server to your MCP client (e.g., Claude Desktop, Cursor, Windsurf) using the Streamable HTTP endpoint https://open-source-supply-chain-risk-mcp.apify.actor/mcp with your Apify API token in the Authorization: Bearer header. Start with the generate_oss_risk_report tool on a package or repository name.

Key features of Open Source Supply Chain Risk

  • Typed OSS dependency network graph with 7 node types
  • Maintainer bus-factor scoring with abandonment decay model
  • CVE blast radius estimation via BFS graph traversal
  • CISA KEV cross-referencing with active exploitation factor
  • Levenshtein typosquat detection across discovered repository names
  • 5-factor weighted supply chain risk scoring (0–1)
  • Parallel queries across all 7 data sources (under 30 seconds)
  • 5-minute in-process cache per session query

Use cases of Open Source Supply Chain Risk

  • DevSecOps pipeline gate – block PRs on high‑risk or exploited dependencies
  • SBOM audit and vendor risk management – generate reports with CISA remediation steps
  • Incident response triage – discover blast radius of a new critical CVE
  • Package vetting before adoption – compare maintainer health and risk scores
  • Supply chain attack early warning – monitor ArXiv papers and community discussion trends
  • Typosquat monitoring for package registries – detect malicious lookalike packages

FAQ from Open Source Supply Chain Risk

What data sources does the server use?

It queries GitHub, NVD, CISA KEV, Hacker News, StackExchange, ArXiv, and Censys concurrently.

How much does a tool call cost?

Each MCP tool call costs $0.035 (USD) under the Apify platform pricing.

Which MCP clients are supported?

Any client supporting Streamable HTTP or SSE transport works, including Claude Desktop, Cursor, Windsurf, and Cline.

Is there caching to avoid duplicate upstream queries?

Yes, a 5‑minute in-process cache keyed by source:query reuses upstream data for repeated tool calls on the same package within a session.

How do I authenticate with the server?

Use your Apify API token as a Bearer token in the Authorization header when connecting to the endpoint.

评论

其他 分类下的更多 MCP 服务器