trustify-mcp
Verified Safe
by guacsec
Overview
Acts as an MCP (Model Context Protocol) server, exposing a Trustify instance's security vulnerability and SBOM data as structured tools for AI agents.
Installation
API_URL=<API URL> OPENID_ISSUER_URL=<OpenID Issuer URL> OPENID_CLIENT_ID=<OpenID Client ID> OPENID_CLIENT_SECRET=<OpenID Client secret> cargo run --release --bin streamable
Environment Variables
- API_URL
- OPENID_ISSUER_URL
- OPENID_CLIENT_ID
- OPENID_CLIENT_SECRET
- AUTH_DISABLED
- RUST_LOG
Security Notes
The server securely handles sensitive information (API URLs, OpenID credentials) by requiring it to be provided via environment variables, which prevents hardcoding. Authentication is robustly implemented using the `trustify-auth` library and OpenID Connect for token validation. An `AUTH_DISABLED=true` environment variable exists for development purposes; setting it in a production environment would bypass critical authentication and pose a severe security risk. URL construction for interacting with the Trustify API directly uses user-provided strings for path components (e.g., SBOM URIs). While `reqwest` handles some aspects of URL safety, the server relies on the Trustify backend to fully validate these URIs against potential path traversal or injection, rather than performing its own explicit, exhaustive sanitization of these segments.