OSV MCP Server
by StacklokLabs
The OSV MCP Server provides access to the Open Source Vulnerabilities (OSV) database. It allows LLM-powered applications to query vulnerability information using the Model Context Protocol (MCP).
Last updated: N/A
What is OSV MCP Server?
The OSV MCP Server is an SSE-based server that implements the Model Context Protocol to query the OSV database for vulnerability information. It provides tools to query vulnerabilities by package version, commit, or vulnerability ID.
How to use OSV MCP Server?
To use the server, you need to build it from source using Go 1.21 or later and Task. Once built, you can use the MCP tools (query_vulnerability, query_vulnerabilities_batch, get_vulnerability) by sending requests with the appropriate input schema, as demonstrated in the examples.
Key features of OSV MCP Server
Query vulnerabilities for a specific package version or commit
Batch query vulnerabilities for multiple packages or commits
Get detailed information about a specific vulnerability by ID
SSE-based server implementation
Uses the Model Context Protocol (MCP)
Use cases of OSV MCP Server
Integrating vulnerability information into LLM-powered security tools
Automated vulnerability scanning and reporting
Software composition analysis
Providing context to developers about potential vulnerabilities in their dependencies
FAQ from OSV MCP Server
What is OSV?
What is OSV?
OSV (Open Source Vulnerabilities) is a database of open source vulnerabilities.
What is MCP?
What is MCP?
MCP (Model Context Protocol) is a protocol for providing context to LLMs.
What prerequisites are needed to build the server?
What prerequisites are needed to build the server?
Go 1.21 or later and Task (optional).
How do I query for vulnerabilities?
How do I query for vulnerabilities?
Use the query_vulnerability MCP tool with the appropriate input schema.
How do I get details for a specific vulnerability?
How do I get details for a specific vulnerability?
Use the get_vulnerability MCP tool with the vulnerability ID.