playbooks

home / mcp / scancode mcp server

Scancode MCP Server

A Model Context Protocol (MCP) tool (TypeScript/Python) for legal-expert-grade analysis of software licenses using Scancode data, providing compliance insights and file content snippets.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "bivex-scancodemcp": {
      "command": "npx",
      "args": [
        "tsx",
        "C:\\Users\\Admin\\Desktop\\Dev\\ScancodeMCP\\index.ts"
      ],
      "env": {
        "NODE_NO_WARNINGS": "1"
      }
    }
  }
}

You are setting up an MCP server that analyzes software licenses using Scancode data. This server exposes tools to identify problematic licenses, pinpoint the files they affect, review scan issues, and generate targeted reports. It is built with the MCP TypeScript SDK and is designed to integrate with MCP clients such as Cursor to streamline license compliance workflows.

How to use

Use an MCP client to connect to this server via a local process (stdio) or a remote endpoint (http). Once connected, you can run individual tools or combine them in your workflow to analyze licenses, summarize risks, compare license compatibility, list high risk files, and obtain clause-level summaries for a given license. The tools are designed to be invoked with clear parameters and return structured results that you can incorporate into your compliance checks.

How to install

Prerequisites you need before starting:

  • Node.js 18 or higher
  • npm (comes with Node.js)

Then follow these concrete steps to set up and run the server locally.

Step by step install and run

# 1) Clone the project repository
git clone <your-repo-url> # Replace with your actual URL
cd <your-repo-directory>

# 2) Install dependencies
npm install

# 3) Ensure license scan data is available
# Place license_analysis_detailed.json in the project root next to index.ts

# 4) (Optional) TypeScript setup is included. You can customize tsconfig.json if needed
# 5) Build (compile TypeScript to JavaScript)
npx tsc

You can also run in development mode without a separate build step using a TypeScript runner.

Additional configuration and running notes

To run during development, you can execute the TypeScript entry point directly. To run using the built output, start from the dist folder.

Configuration for MCP clients and integration

You integrate this tool with an MCP client by launching it as a stdio server and providing the appropriate command and arguments. The following example demonstrates how Cursor can connect to a locally running MCP server.

Example: MCP server connection (stdio)

{
  "mcpServers": {
    "scancode_license": {
      "type": "stdio",
      "command": "npx",
      "args": ["tsx", "C:\\Users\\Admin\\Desktop\\Dev\\ScancodeMCP\\index.ts"],
      "env": {
        "NODE_NO_WARNINGS": "1"
      }
    }
  }
}

Tools and how to use them

The server exposes a set of tools designed to assist with license analysis and compliance. You can call these tools via the MCP client to perform specific tasks.

Available tools

mcp_ScancodeMCP_analyze_license_file

Clause-by-clause analysis of licenses found in given files, including obligations, risks, and compatibility. Accepts multiple file paths and supports reading a configurable number of lines from each file.

mcp_ScancodeMCP_summarize_license_risks

Lists all files with high-risk licenses (e.g., copyleft, unknown) and provides a legal risk summary for each license type.

mcp_ScancodeMCP_compare_license_compatibility

Evaluates legal compatibility between two licenses (for example, MIT vs GPL-3.0) and explains the outcome.

mcp_ScancodeMCP_list_high_risk_files

Enumerates files that have copyleft, unknown, or otherwise high-risk licenses, with a legal warning for each.

mcp_ScancodeMCP_get_license_clause_summary

Provides a clause-by-clause summary of a given license, covering obligations, risks, and compatibility notes.