Sbom Cyclonedx Mcp

Name: Sbom Cyclonedx Mcp
Author: CSOAI-ORG

CSOAI-ORG/sbom-cyclonedx-mcp

Generate and validate Software Bill of Materials in CycloneDX 1.6 and SPDX 2.3 from your agent before release or customer security reviews.

Overview

sbom-cyclonedx-mcp is an MCP server for the Ship phase that generates and validates SBOMs in CycloneDX 1.6 and SPDX 2.3.

What is this MCP server?

Generates SBOMs aligned to CycloneDX 1.6
Supports SPDX 2.3 format output and validation
stdio Python MCP server sbom-cyclonedx-mcp v1.0.2 on PyPI
Agent-driven validation without leaving the coding session
CSOAI-ORG GitHub repo for supply-chain automation pipelines
Supports CycloneDX 1.6 and SPDX 2.3 per server description
Published version 1.0.2 on PyPI identifier sbom-cyclonedx-mcp
stdio transport with runtimeHint python

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Hand-rolling SBOMs for every release burns time and agents cannot easily validate formats without a dedicated tool.

Who is it for?

Indie SaaS founders answering security reviews or preparing marketplace submissions with CycloneDX or SPDX.

Skip if: Projects with no third-party dependencies or teams that already automate SBOM solely in centralized CI with no agent workflow.

What do I get? / Deliverables

Your agent can produce and check standard SBOM files during security prep so you ship with auditable dependency records.

CycloneDX 1.6 or SPDX 2.3 SBOM artifacts from agent sessions
Validation results against those SBOM formats
Repeatable Ship-phase SBOM step documented in agent config

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

SBOM work belongs in Ship when you prove dependency transparency and supply-chain hygiene before launch. Security is the right subphase for compliance artifacts auditors and enterprise buyers expect at ship time.

How it compares

MCP SBOM generator and validator, not a full vulnerability scanner or license legal review service.

Common Questions / FAQ

Who is sbom-cyclonedx-mcp for?

Builders shipping software who need CycloneDX or SPDX SBOMs and want their AI agent to create or validate them inline.

When should I use sbom-cyclonedx-mcp?

Use it in Ship security work before launch, customer audits, or compliance checkpoints that require SBOM evidence.

How do I add sbom-cyclonedx-mcp to my agent?

Install sbom-cyclonedx-mcp from PyPI, configure stdio MCP with runtimeHint python, and point your client at the published server entry.

Sbom Cyclonedx Mcp

CSOAI-ORG/sbom-cyclonedx-mcp

Generate and validate Software Bill of Materials in CycloneDX 1.6 and SPDX 2.3 from your agent before release or customer security reviews.

Overview

sbom-cyclonedx-mcp is an MCP server for the Ship phase that generates and validates SBOMs in CycloneDX 1.6 and SPDX 2.3.

What is this MCP server?

Generates SBOMs aligned to CycloneDX 1.6
Supports SPDX 2.3 format output and validation
stdio Python MCP server sbom-cyclonedx-mcp v1.0.2 on PyPI
Agent-driven validation without leaving the coding session
CSOAI-ORG GitHub repo for supply-chain automation pipelines
Supports CycloneDX 1.6 and SPDX 2.3 per server description
Published version 1.0.2 on PyPI identifier sbom-cyclonedx-mcp
stdio transport with runtimeHint python

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Hand-rolling SBOMs for every release burns time and agents cannot easily validate formats without a dedicated tool.

Who is it for?

Indie SaaS founders answering security reviews or preparing marketplace submissions with CycloneDX or SPDX.

Skip if: Projects with no third-party dependencies or teams that already automate SBOM solely in centralized CI with no agent workflow.

What do I get? / Deliverables

Your agent can produce and check standard SBOM files during security prep so you ship with auditable dependency records.

CycloneDX 1.6 or SPDX 2.3 SBOM artifacts from agent sessions
Validation results against those SBOM formats
Repeatable Ship-phase SBOM step documented in agent config

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

MCP SBOM generator and validator, not a full vulnerability scanner or license legal review service.

Common Questions / FAQ

Who is sbom-cyclonedx-mcp for?

Builders shipping software who need CycloneDX or SPDX SBOMs and want their AI agent to create or validate them inline.

When should I use sbom-cyclonedx-mcp?

Use it in Ship security work before launch, customer audits, or compliance checkpoints that require SBOM evidence.

How do I add sbom-cyclonedx-mcp to my agent?

Install sbom-cyclonedx-mcp from PyPI, configure stdio MCP with runtimeHint python, and point your client at the published server entry.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is sbom-cyclonedx-mcp for?

When should I use sbom-cyclonedx-mcp?

How do I add sbom-cyclonedx-mcp to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is sbom-cyclonedx-mcp for?

When should I use sbom-cyclonedx-mcp?

How do I add sbom-cyclonedx-mcp to my agent?