securechain-mcp-server

Verified Safe

by securechaindev

Overview

Provides tools for AI agents and LLMs to query the status and analyze the software supply chain for security vulnerabilities, exploits, and dependencies.

Installation

Run Command
docker compose -f dev/docker-compose.yml up --build

Environment Variables

  • GRAPH_DB_URI
  • VULN_DB_URI
  • GRAPH_DB_USER
  • GRAPH_DB_PASSWORD
  • BACKEND_URL
  • REQUEST_TIMEOUT
  • DOCS_URL
  • DB_MIN_POOL_SIZE
  • DB_MAX_POOL_SIZE
  • DB_MAX_IDLE_TIME_MS
  • DB_DEFAULT_QUERY_TIMEOUT_MS
  • DB_VEXS_COLLECTION
  • DB_TIXS_COLLECTION
  • DB_VULNERABILITIES_COLLECTION
  • DB_CWES_COLLECTION
  • DB_EXPLOITS_COLLECTION

Security Notes

The server uses FastAPI and async Python, with aiohttp for network requests. Authentication for internal session management relies on an 'X-API-Key' header. Hardcoded default credentials for Neo4j and MongoDB (e.g., 'neo4j'/'neoSecureChain') are present in `settings.py`, which is a common pattern for defaults but should be changed in production via environment variables. The README instructs users to configure GitHub API keys and JWT secrets, which are likely consumed by other Secure Chain backend services rather than directly by this MCP server, but are crucial for the overall system's security. There are no obvious `eval`/`exec` or obfuscation patterns in the provided source.

Stats

  • Interest Score: 23
  • Security Score: 7
  • Cost Class: Medium
  • Avg Tokens: 1500
  • Stars: 2
  • Forks: 0
  • Last Update: 2026-01-03

Tags

  • Supply Chain Security
  • Vulnerability Management
  • Model Context Protocol
  • AI Integration
  • Dependency Analysis