Open Source Supply Chain Risk

by Ryan-Clinton

io.github.Ryan-Clinton/open-source-supply-chain-risk-mcp

Open Source Supply Chain Risk · v1.0.1

Open Source Supply Chain Risk MCP Server

Assess open source software supply chain risk including dependency vulnerabilities, maintainer trust, license compliance, and typosquatting detection.

8 Tools

Tool                                Description
map_dependency_network              Map OSS dependency network with vulnerability connectivity
assess_maintainer_risk              Assess maintainer bus factor and abandonment risk
detect_vulnerability_propagation    Detect CVE/KEV vulnerability propagation through dependencies
analyze_community_health            Analyze OSS community health from discussions and sentiment
score_supply_chain_risk             Multi-factor OSS supply chain risk score
detect_typosquat_indicators         Detect potential typosquatting packages
assess_research_security_landscape  Assess security research landscape from papers and discussions
generate_oss_risk_report            Comprehensive OSS supply chain risk report

Category

Cybersecurity

Quick Start

Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "open-source-supply-chain-risk-mcp": {
      "url": "https://ryanclinton--open-source-supply-chain-risk-mcp.apify.actor/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_APIFY_TOKEN"
      }
    }
  }
}

Cursor

Add to .cursor/mcp.json:

{
  "mcpServers": {
    "open-source-supply-chain-risk-mcp": {
      "url": "https://ryanclinton--open-source-supply-chain-risk-mcp.apify.actor/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_APIFY_TOKEN"
      }
    }
  }
}

Windsurf

Add to your MCP configuration:

{
  "mcpServers": {
    "open-source-supply-chain-risk-mcp": {
      "serverUrl": "https://ryanclinton--open-source-supply-chain-risk-mcp.apify.actor/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_APIFY_TOKEN"
      }
    }
  }
}

Authentication

This server requires an Apify API token. Get yours free at Apify Console.

Pricing

Pay-per-use via Apify. See the Apify Store listing for pricing details.

Tags

cybersecurity supply-chain open-source vulnerability sbom

License

Proprietary - available via Apify Store.