OSV MCP Server
@StacklokLabs
关于 OSV MCP Server
An MCP server for OSV
基本信息
配置
工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is OSV MCP Server?
The OSV MCP Server is an MCP (Model Context Protocol) server that provides access to the OSV (Open Source Vulnerabilities) database. It allows LLM-powered applications to query vulnerability information for packages, commits, and specific vulnerability IDs. The server uses SSE or Streamable HTTP transport and is intended for developers integrating vulnerability checks into MCP-compatible clients.
How to use OSV MCP Server?
Install with Go 1.21+ or use the recommended ToolHive containerized deployment. Configure with environment variables MCP_PORT (default 8080) and MCP_TRANSPORT (default sse, also supports streamable-http). The server exposes three MCP tools: query_vulnerability (single package/commit), query_vulnerabilities_batch (multiple queries), and get_vulnerability (by OSV ID). Invoke via any MCP client after running the server.
Key features of OSV MCP Server
- Query vulnerabilities by package name, ecosystem, and version or commit hash
- Batch query multiple packages or commits in a single call
- Get detailed information about a specific vulnerability by OSV ID
- Supports SSE and Streamable HTTP transport modes
- Configurable port and transport via environment variables
- Runs natively or via secure ToolHive container deployment
Use cases of OSV MCP Server
- Check if a specific package version (e.g., lodash 4.17.15) has known vulnerabilities
- Query vulnerabilities affecting a codebase by commit hash
- Batch scan your project’s dependencies for security issues
- Retrieve full details of a known vulnerability ID (e.g., GHSA-vqj2-4v8m-8vrq)
FAQ from OSV MCP Server
What runtime is required to run the OSV MCP Server from source?
Go 1.21 or later is required. Optional tools are Task and ko for building and container images.
How do I configure the server’s port and transport?
Set the MCP_PORT environment variable (valid integer 0–65535, default 8080) and MCP_TRANSPORT environment variable (supported values: sse, streamable-http, default sse).
What MCP tools does the server provide?
Three tools: query_vulnerability (single package/commit), query_vulnerabilities_batch (multiple queries), and get_vulnerability (by OSV ID). They allow querying the OSV database for vulnerability data.
How can I run the server with ToolHive?
Install ToolHive, run thv client setup to register a client, then thv run osv. The server is packaged as osv in ToolHive and will be available to MCP-compatible clients.
Where does the vulnerability data come from?
The server queries the public OSV (Open Source Vulnerabilities) database maintained at osv.dev.
其他 分类下的更多 MCP 服务器
Unity MCP ✨
justinpbarnettUnity MCP acts as a bridge between AI assistants and your Unity Editor. Give your LLM tools to manage assets, control scenes, edit scripts, and automate tasks within Unity.
XcodeBuildMCP
cameroncookeA Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
Mcp
browsermcpBrowser MCP is a Model Context Provider (MCP) server that allows AI applications to control your browser
Core Philosophy: Connect, Unify, Respond
mindsdbDelegate anything. It comes back done.
Nginx UI
0xJackyYet another WebUI for Nginx
评论