Provides a Model Context Protocol server exposing a practical subset of the OWASP Dependency-Track REST API over stdio.
This tool is a lightweight Model Context Protocol (MCP) server designed specifically for OWASP Dependency-Track. It wraps a key subset of the official Dependency-Track REST API and exposes it over standard input/output (stdio). This lets other tools, such as Codex, programmatically query projects, retrieve security findings, initiate analysis, upload CycloneDX Software Bills of Materials (BOMs), and monitor asynchronous task statuses.
Key Features
01 Retrieve project-specific security findings
02 List and search Dependency-Track projects
03 Trigger project analysis within Dependency-Track
04 Upload CycloneDX BOMs to Dependency-Track
05 Check the status of asynchronous event tokens
Use Cases
01 Automate security analysis and reporting workflows with Dependency-Track
02 Integrate Dependency-Track data and actions into other developer tools or IDEs
03 Programmatically manage projects and upload SBOMs to a Dependency-Track instance