Here's your editor's note: Microsoft's ESRP (Enterprise Software Release Process) server lets you verify the authenticity and provenance of open source packages published by Microsoft. You get tools to discover what's officially released and validate that packages haven't been tampered with before you pull them into your build pipeline. Reach for this when you need to enforce supply chain security for Microsoft OSS dependencies or audit what trusted packages are available. The server runs on Azure and supports both stdio for local Claude Desktop integration and streamable HTTP for remote deployments.
claude mcp add --transport stdio com.microsoft-esrp-oss-mcp-test -- npx -y @microsoft/esrp-release-test-integration