
Secure Chain MCP Server

Provides tools to query multiple ecosystems, inspect vulnerabilities, analyze supply chains, and retrieve VEX documents via MCP.

Installation
Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "securechaindev-securechain-mcp-server": {
      "url": "https://mcp.securechain.dev/mcp",
      "headers": {
        "X-Auth-Pass": "your_password",
        "X-Auth-Email": "your_email"
      }
    }
  }
}

Secure Chain MCP Server provides centralized programmatic access to your software supply chain data. It lets you query multiple ecosystems, inspect vulnerability intel, map direct and transitive dependencies, retrieve VEX documents, and integrate with AI agents via the Model Context Protocol.

How to use

You connect to the MCP server from an MCP client or editor extension and then perform queries to inspect your software supply chain. You can access vulnerability details, explore dependency graphs, and retrieve VEX documents for repositories. If you work locally, you can point your client at a local MCP endpoint; if you prefer a remote endpoint, you can use the official Secure Chain MCP URL.

Once connected, you can:
- Query packages across PyPI, NPM, Maven, Cargo, RubyGems, and NuGet ecosystems
- View vulnerability intelligence, including exploit and CWE information
- Visualize direct and transitive dependencies in a graph
- Retrieve Vulnerability Exploitability eXchange documents for repositories
- Leverage MCP integration to enable AI-assisted workflows within your tooling

How to install

Prerequisites you need before starting:
- Docker
- Docker Compose
- Python 3.14 or higher
- A GUI tool for database visualization (optional but recommended) such as MongoDB Compass
- Access to a web browser for the Neo4j graph visualization at localhost:7474 when containers are running

# 1) Prepare the environment and dependencies
# Ensure Docker and Docker Compose are installed on your system

# 2) Create a dedicated Docker network (optional but recommended)
docker network create securechain

# 3) Obtain data dumps for graphs and vulnerabilities (unzipped)
# Place the dumps in the project root as instructed by the setup guide

# 4) Start the databases and seed data
docker compose up --build

# 5) Run the application in development mode
# This starts the MCP server alongside its dependencies
docker compose -f dev/docker-compose.yml up --build

Configuration and setup notes

You can configure access to MCP servers from your editor or IDE by adding an MCP configuration file, typically named mcp.json, with the appropriate server entries and authentication headers.

{
  "servers": {
    "Secure Chain MCP Server": {
      "type": "http",
      "url": "https://mcp.securechain.dev/mcp",
      "headers": {
        "X-Auth-Email": "your_email",
        "X-Auth-Pass": "your_super_secret_password"
      }
    }
  }
}

Local MCP endpoint example

In a local deployment, you can point your client to the local MCP endpoint and provide authentication headers as shown.

{
  "servers": {
    "Secure Chain MCP Server": {
      "type": "http",
      "url": "http://localhost:8005/mcp",
      "headers": {
        "X-Auth-Email": "your_email",
        "X-Auth-Pass": "supersecre3T*"
      }
    }
  }
}

Security and environment considerations

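Keep your MCP access keys secure. Use unique credentials for each server and rotate them regularly. The configuration file holds the X-Auth-Pass value in plaintext and the client sends it with its requests, so keep that file out of version control. The local endpoint example uses plain HTTP on localhost; use HTTPS in production and manage JWT secrets securely.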
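
A check for the HTTPS advice above, added here as an example and not part of the Secure Chain project: it reads an MCP client configuration in either layout shown on this page and flags entries that send the X-Auth-Email or X-Auth-Pass headers over cleartext HTTP. The function names, severity labels and the "staging" hostname are assumptions made for the example.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Header names as they appear in the configuration examples on this page.
CREDENTIAL_HEADERS = {"x-auth-email", "x-auth-pass"}

def is_loopback(host):
    """True for localhost and loopback IP literals (127.0.0.0/8, ::1)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False

def audit_mcp_config(text):
    """Return (server_name, severity, reason) for entries that send
    credential headers over anything other than HTTPS."""
    config = json.loads(text)
    findings = []
    # The page shows two top-level layouts: "mcpServers" and "servers".
    for section in ("mcpServers", "servers"):
        for name, entry in config.get(section, {}).items():
            sent = {h.lower() for h in entry.get("headers", {})}
            if not sent & CREDENTIAL_HEADERS:
                continue  # nothing secret travels with the request
            url = urlsplit(entry.get("url", ""))
            if url.scheme == "https":
                continue
            if is_loopback(url.hostname or ""):
                findings.append((name, "warn", "cleartext, loopback only"))
            else:
                findings.append((name, "fail", "cleartext over the network"))
    return findings

# Constructed sample: "remote" and "local" mirror the page's examples;
# "staging" and its hostname are made up for illustration.
_HDRS = {"X-Auth-Email": "your_email", "X-Auth-Pass": "placeholder"}
SAMPLE = json.dumps({"servers": {
    "remote": {"url": "https://mcp.securechain.dev/mcp", "headers": _HDRS},
    "local": {"url": "http://localhost:8005/mcp", "headers": _HDRS},
    "staging": {"url": "http://mcp.staging.example:8005/mcp", "headers": _HDRS},
}})

if __name__ == "__main__":
    for finding in audit_mcp_config(SAMPLE):
        print(*finding, sep=": ")
```

Run against a real configuration by passing the file's contents to audit_mcp_config; a "warn" entry is acceptable for development but should not be copied into a production configuration unchanged.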

Troubleshooting tips

If you cannot reach the MCP endpoint, verify that Docker containers are running, the network is accessible, and the endpoint URL is correct. Check container logs for authentication errors or missing environment variables.

Available tools

query_packages

Query packages across PyPI, NPM, Maven, Cargo, RubyGems, and NuGet ecosystems to retrieve metadata and versions.

vulnerability_info

Access vulnerability intelligence including exploit details and CWE information for packages.

supply_chain_graph

Explore direct and transitive dependencies through a graph representation of the software supply chain.

vex_documents

Retrieve Vulnerability Exploitability eXchange documents for repositories.

mcp_integration

Integrate MCP with AI agents and LLMs to enable context-aware automation.