### Run OSV MCP Server with ToolHive Source: https://github.com/stackloklabs/osv-mcp/blob/main/README.md Commands to install ToolHive, set up a client, run the OSV MCP server as a ToolHive service, list running servers, and get detailed information about the 'osv' service. ToolHive provides a secure, containerized deployment environment for MCP servers. ```bash thv client setup thv run osv thv list thv registry info osv ``` -------------------------------- ### Example Git Commit Message with DCO Signed-off-by Source: https://github.com/stackloklabs/osv-mcp/blob/main/dco.md Illustrates a standard Git commit message structure, demonstrating how to include the 'Signed-off-by' trailer. This trailer is essential for contributors to affirm their agreement to the Developer Certificate of Origin (DCO), ensuring legal compliance for their contributions. ```bash A commit message Closes gh-345 Signed-off-by: jane marmot ``` -------------------------------- ### Example: Query Vulnerabilities for a Package Source: https://github.com/stackloklabs/osv-mcp/blob/main/README.md An example JSON payload demonstrating how to query for vulnerabilities affecting a specific package by providing its name, ecosystem, and version. This payload is an example input for the `query_vulnerability` MCP tool. ```json { "package_name": "lodash", "ecosystem": "npm", "version": "4.17.15" } ``` -------------------------------- ### Example: Query Vulnerabilities for a Commit Source: https://github.com/stackloklabs/osv-mcp/blob/main/README.md An example JSON payload demonstrating how to query for vulnerabilities affecting a specific commit by providing its hash. This payload is an example input for the `query_vulnerability` MCP tool. ```json { "commit": "6879efc2c1596d11a6a6ad296f80063b558d5e0f" } ``` -------------------------------- ### Batch Querying Vulnerabilities Source: https://github.com/stackloklabs/osv-mcp/blob/main/README.md Example JSON payload for querying multiple vulnerabilities by package name, ecosystem, and version. This allows for efficient retrieval of vulnerability information for a list of software components. ```json { "queries": [ { "package_name": "lodash", "ecosystem": "npm", "version": "4.17.15" }, { "package_name": "jinja2", "ecosystem": "PyPI", "version": "2.4.1" } ] } ``` -------------------------------- ### Getting Vulnerability Details by ID Source: https://github.com/stackloklabs/osv-mcp/blob/main/README.md Example JSON payload for retrieving detailed information about a specific vulnerability using its unique identifier (ID). This is typically used after an initial query to fetch comprehensive vulnerability data. ```json { "id": "GHSA-vqj2-4v8m-8vrq" } ``` -------------------------------- ### Git Commit Message with DCO Signed-off-by for Private GitHub Email Source: https://github.com/stackloklabs/osv-mcp/blob/main/dco.md Presents an example of a Git commit message that includes the 'Signed-off-by' trailer, specifically tailored for GitHub users who have opted to keep their email address private. The example shows the use of a `noreply.github.com` alias in the signature, maintaining DCO compliance while protecting user privacy. ```bash A commit message Closes gh-345 Signed-off-by: jane marmot <462403+jmarmot@users.noreply.github.com> ``` -------------------------------- ### Configure and Run OSV MCP Server from Source Source: https://github.com/stackloklabs/osv-mcp/blob/main/README.md Examples demonstrating how to run the OSV MCP server executable directly, configuring its port using the `MCP_PORT` environment variable. Shows running on a custom port (3000) and the default port (8080). The server uses port 8080 by default if `MCP_PORT` is not set or is invalid. ```bash MCP_PORT=3000 ./build/osv-mcp-server ./build/osv-mcp-server ``` -------------------------------- ### Git Command to Automatically Add Signed-off-by Trailer Source: https://github.com/stackloklabs/osv-mcp/blob/main/dco.md Provides the `git commit -s -m` command, which automates the process of adding the 'Signed-off-by' trailer to a Git commit message. The `-s` or `--signoff` option simplifies DCO compliance by automatically appending the required signature. ```bash git commit -s -m ``` -------------------------------- ### Build OSV MCP Server from Source Source: https://github.com/stackloklabs/osv-mcp/blob/main/README.md Instructions to clone the repository and build the OSV MCP server executable using `git` and `task` commands. This process requires Go 1.21 or later and Task (optional, for running tasks). ```bash git clone https://github.com/StacklokLabs/osv-mcp.git cd osv-mcp task build ``` -------------------------------- ### Running Tests for Development Source: https://github.com/stackloklabs/osv-mcp/blob/main/README.md Command to execute the test suite for the OSV-MCP server. This ensures that all components are functioning as expected and helps maintain code quality during development. ```bash task test ``` -------------------------------- ### Formatting Code Automatically Source: https://github.com/stackloklabs/osv-mcp/blob/main/README.md Command to automatically format the source code according to predefined style guidelines. This helps maintain a consistent code style across the project, improving readability and collaboration. ```bash task fmt ``` -------------------------------- ### API: query_vulnerabilities_batch Input Schema Source: https://github.com/stackloklabs/osv-mcp/blob/main/README.md Defines the JSON schema for the input parameters of the `query_vulnerabilities_batch` MCP tool. This tool allows querying for vulnerabilities affecting multiple packages or commits simultaneously, accepting an array of query objects, each with similar parameters to the single query tool. ```json { "type": "object", "properties": { "queries": { "type": "array", "description": "Array of query objects", "items": { "type": "object", "properties": { "commit": { "type": "string", "description": "The commit hash to query for. If specified, version should not be set." }, "version": { "type": "string", "description": "The version string to query for. If specified, commit should not be set." }, "package_name": { "type": "string", "description": "The name of the package." }, "ecosystem": { "type": "string", "description": "The ecosystem for this package (e.g., PyPI, npm, Go)." }, "purl": { "type": "string", "description": "The package URL for this package. If purl is used, package_name and ecosystem should not be set." } } } } }, "required": ["queries"] } ``` -------------------------------- ### API: query_vulnerability Input Schema Source: https://github.com/stackloklabs/osv-mcp/blob/main/README.md Defines the JSON schema for the input parameters of the `query_vulnerability` MCP tool. This tool allows querying for vulnerabilities affecting a specific package version or commit, supporting parameters like `commit`, `version`, `package_name`, `ecosystem`, or `purl`. ```json { "type": "object", "properties": { "commit": { "type": "string", "description": "The commit hash to query for. If specified, version should not be set." }, "version": { "type": "string", "description": "The version string to query for. If specified, commit should not be set." }, "package_name": { "type": "string", "description": "The name of the package." }, "ecosystem": { "type": "string", "description": "The ecosystem for this package (e.g., PyPI, npm, Go)." }, "purl": { "type": "string", "description": "The package URL for this package. If purl is used, package_name and ecosystem should not be set." } } } ``` -------------------------------- ### Linting Code for Style and Errors Source: https://github.com/stackloklabs/osv-mcp/blob/main/README.md Command to run the linter against the codebase. Linting helps identify potential programming errors, bugs, stylistic errors, and suspicious constructs, ensuring code consistency and quality. ```bash task lint ``` -------------------------------- ### API: get_vulnerability Input Schema Source: https://github.com/stackloklabs/osv-mcp/blob/main/README.md Defines the JSON schema for the input parameters of the `get_vulnerability` MCP tool. This tool retrieves detailed information for a specific vulnerability by providing its OSV vulnerability ID. ```json { "type": "object", "properties": { "id": { "type": "string", "description": "The OSV vulnerability ID" } }, "required": ["id"] } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.