This server connects your editor to SBOMApp's hosted service for software supply chain analysis. It exposes tools that generate SBOMs in SPDX or CycloneDX format, scan for CVEs and return remediation guidance, analyze transitive dependencies, and flag license compliance issues. It works on a local workspace or a remote Git repository. Typical uses are auditing third-party code, preparing compliance artifacts, or checking which dependencies an AI-generated snippet just pulled in. Because the analysis runs on the hosted service rather than locally, whatever the tools need from your workspace or repository is sent to that service; keep that in mind for private code. Authentication is a bearer token; a 90-day free trial covers 100 requests, after which a paid plan is required. The server speaks streamable HTTP, so nothing needs to be installed locally beyond the VS Code extension (or the Claude Code CLI, which registers it with the command below).
claude mcp add --transport http io.github.mcpsbom-sbom-mcp https://mcp.sbomapp.com/mcp
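The command above registers the server but does not show where the bearer token goes. The script below is an added example (not SBOMApp's or Anthropic's code) showing two ways to supply it without pasting the secret into a shell history or committing it to the repository: a project-scoped `.mcp.json` that refers to the token by environment-variable name, and the CLI form with a `--header` flag. It assumes Claude Code expands `${VAR}` references inside `.mcp.json` and accepts `--header` on `claude mcp add` for HTTP transports; the variable name `SBOMAPP_TOKEN` and the server key `sbomapp` are chosen here, not prescribed by SBOMApp.

```shell
#!/bin/sh
# Added example, not SBOMApp's or Anthropic's code.
# Assumptions: Claude Code expands ${VAR} inside .mcp.json, and
# `claude mcp add` takes --header for HTTP transports. SBOMAPP_TOKEN
# and the server key "sbomapp" are names chosen for this example.

SBOMAPP_URL="https://mcp.sbomapp.com/mcp"

# Write a project-scoped .mcp.json that names the token instead of
# containing it. The file can be committed; the secret stays in each
# developer's environment. The backslash keeps ${SBOMAPP_TOKEN} literal
# in the output so the MCP client, not this script, expands it.
write_mcp_config() {
    out="${1:-.mcp.json}"
    cat > "$out" <<EOF
{
  "mcpServers": {
    "sbomapp": {
      "type": "http",
      "url": "$SBOMAPP_URL",
      "headers": {
        "Authorization": "Bearer \${SBOMAPP_TOKEN}"
      }
    }
  }
}
EOF
}

# Refuse to continue if the token is unset: an empty variable would
# silently produce "Authorization: Bearer " and every call would fail.
check_token() {
    if [ -z "${SBOMAPP_TOKEN:-}" ]; then
        echo "SBOMAPP_TOKEN is not set" >&2
        return 1
    fi
}

# Per-user alternative: register through the CLI, reading the token from
# the environment so it never appears in the repository. The expanded
# value is visible in the process arguments while the command runs.
register_with_cli() {
    check_token || return 1
    if ! command -v claude >/dev/null 2>&1; then
        echo "claude CLI not found" >&2
        return 1
    fi
    claude mcp add --transport http \
        --header "Authorization: Bearer $SBOMAPP_TOKEN" \
        sbomapp "$SBOMAPP_URL"
}
```

Export the token in your shell profile or a secrets manager hook (`export SBOMAPP_TOKEN=...`), then either run `write_mcp_config` in the project root or call `register_with_cli` once per user. The trial's 100-request cap is per token, so a committed `.mcp.json` with a literal token would also let every clone of the repository draw down the same quota.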